View Issue Details

This bug affects 2 person(s).
ID: 19563
Project: Bug reports
Category: Survey editing
View Status: public
Last Update: 2024-05-14 11:00
Reporter: ritapas
Assigned To:
Priority: none
Severity: minor
Status: new
Resolution: open
Product Version: 6.5.x
Summary: 19563: HTML entity & is shown as &amp; in subquestions when XSS is enabled
Description

If you design a subquestion with entity & in subquestions when XSS is enabled, it is shown as &amp;

Steps To Reproduce

1. Enable XSS
2. Create a survey with a question with subquestions, e.g. List (dropdown)
3. Use the "&" character in the subquestions, either as:
   - & simply put
   - & in source code display
   - insert special character icon

Expected result

"&" is shown

Actual result

"&amp;" is shown

Tags: No tags attached.
Attached Files
0.edit1stSubq.PNG (7,292 bytes)
1.edit3rdSubq.PNG (18,103 bytes)
2.allSubqst.PNG (21,057 bytes)
3.preview.PNG (30,970 bytes)
Bug heat: 12
Complete LimeSurvey version number (& build): 6.5.4 (build 240422)
I will donate to the project if issue is resolved: No
Browser:
Database type & version: Database driver pgsql, Database driver version 13.5
Server OS (if known):
Webserver software & version (if known):
PHP Version: PHP version 7.4.33

Users monitoring this issue

ritapas, seccanj

Activities

ritapas

2024-05-14 10:58

reporter   ~80101

This also happens in LS5

Issue History

Date Modified Username Field Change
2024-05-13 15:48 ritapas New Issue
2024-05-13 15:48 ritapas File Added: 0.edit1stSubq.PNG
2024-05-13 15:48 ritapas File Added: 1.edit3rdSubq.PNG
2024-05-13 15:48 ritapas File Added: 2.allSubqst.PNG
2024-05-13 15:48 ritapas File Added: 3.preview.PNG
2024-05-14 10:38 ritapas Issue Monitored: ritapas
2024-05-14 10:38 ritapas Bug heat 0 => 2
2024-05-14 10:58 ritapas Note Added: 80101
2024-05-14 10:58 ritapas Bug heat 2 => 4
2024-05-14 11:00 seccanj Issue Monitored: seccanj
2024-05-14 11:00 seccanj Bug heat 4 => 12