3977: Cannot Attach HTML to ReviewBoard after Upgrade to version 2.0.12

NotABug
Review Board
Priority: Medium

Type: Defect

Reported by:	trivia21 9 years, 7 months
Unassigned

What version are you running?

2.0.12

What's the URL of the page containing the problem?

What steps will reproduce the problem?

Raise a review request.
Attach/Add a html file to it.
The html file shows html code instead of rendering it for review.

What is the expected output? What do you see instead?

Render html file for the review, instead of its source code.

What operating system are you using? What browser?

Tried on all major browser.
RHEL6.4

Please provide any additional information below.

#1 david

This is the intended behavior, since rendering user-provided HTML is the definition of an XSS vulnerability. That this rendered previously was a major security problem.

Status:
- New
+ NotABug
Summary:
- Cannot Attach HTML to ReviewBoard after Upgrade to version 2.0.12
+ Cannot Attach HTML to ReviewBoard after Upgrade to version 2.0.12

-	Cannot Attach HTML to ReviewBoard after Upgrade to version 2.0.12
+	Cannot Attach HTML to ReviewBoard after Upgrade to version 2.0.12

-	New
+	NotABug

Welcome to the Splat alpha!