View Issue Details

IDProjectCategoryView StatusLast Update
16658Bug reportsPrint Viewpublic2020-09-22 16:35
Reporterfajardas Assigned To 
PrioritynormalSeveritypartial_block 
Status confirmedResolutionopen 
Product Version4.3.15 
Summary16658: queXMLPDF export shows JS script
Description

The queXMLPDF export shows the embedded JS script at the exported file.

TagsNo tags attached.
Complete LimeSurvey version number (& build)4.3.15+200907
I will donate to the project if issue is resolvedNo
Browser
Database & DB-VersionMySQL Community - 8.0.18
Server OS (if known)
Webserver software & version (if known)
PHP Version7.3.13

Activities

fajardas

fajardas

2020-09-10 16:50

reporter  

Capture.png (40,436 bytes)   
Capture.png (40,436 bytes)   
Capture2.png (56,323 bytes)   
Capture2.png (56,323 bytes)   
test-866869-queXML.pdf (30,574 bytes)
gabrieljenik

gabrieljenik

2020-09-21 22:31

developer   ~59913

Same should happen with LSv3.
Will apply patch on that branch after

gabrieljenik

gabrieljenik

2020-09-22 16:35

developer   ~59929

Updated QueXMLCleanup. Replaced "strip_tags" by CHtmlPurifier. strip_tags removed the tags but kept their inner content (the javascript in this case).
PR: https://github.com/LimeSurvey/LimeSurvey/pull/1601

Issue History

Date Modified Username Field Change
2020-09-10 16:50 fajardas New Issue
2020-09-10 16:50 fajardas File Added: limesurvey_survey_866869.lss
2020-09-10 16:50 fajardas File Added: Capture.png
2020-09-10 16:50 fajardas File Added: Capture2.png
2020-09-10 16:50 fajardas File Added: test-866869-queXML.pdf
2020-09-15 15:10 cdorin Priority none => normal
2020-09-15 15:10 cdorin Severity minor => partial_block
2020-09-15 15:10 cdorin Status new => confirmed
2020-09-21 22:31 gabrieljenik Note Added: 59913
2020-09-22 16:35 gabrieljenik Note Added: 59929