Launchpad itself

Paragraph tags in blueprint title

Bug #745893 reported by Jonathan Lange
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Launchpad itself
Fix Released
Critical
Ian Booth
Launchpad itself 11.04

Bug Description

See https://blueprints.launchpad.net/ubuntu/+spec/other-o-launchpad-plans. Look at the title in the browser window. It is "<p>Launchpad plans</p>". It should say "Launchpad plans".

I don't recall changing the title using AJAX, I think I just submitted the registration form normally.

You can see the same effect by editing the title of an existing blueprint. I don't *think* this is an XSS bug (I tried a couple of things), but marking it as such just in case.

Tags: qa-ok

Related branches

lp://qastaging/~wallyworld/launchpad/blueprint-title-fix
Robert Collins (community): Approve
William Grant: Approve (code*)
Tim Penhey: Pending requested
Diff: 232 lines (+35/-51)
7 files modified
lib/lp/app/javascript/client.js (+11/-22)
lib/lp/app/javascript/lp.ui.js (+5/-2)
lib/lp/app/javascript/multicheckbox.js (+1/-2)
lib/lp/app/javascript/picker.js (+1/-5)
lib/lp/app/javascript/tests/test_lp_client.js (+13/-16)
lib/lp/blueprints/templates/specification-index.pt (+3/-3)
lib/lp/code/templates/sourcepackagerecipe-index.pt (+1/-1)
Ian Booth (wallyworld)
Changed in launchpad:
assignee: nobody → Ian Booth (wallyworld)
status: Triaged → In Progress
Revision history for this message
Launchpad QA Bot (lpqabot) wrote :

Fixed in stable r12710 <http://bazaar.launchpad.net/~launchpad-pqm/launchpad/stable/revision/12710>.

Changed in launchpad:
milestone: none → 11.04
tags: added: qa-needstesting
Changed in launchpad:
status: In Progress → Fix Committed
William Grant (wgrant)
tags: added: qa-ok
removed: qa-needstesting
Revision history for this message
William Grant (wgrant) wrote :

This wasn't a security vulnerability; it was caused by a bad fix for one.

Changed in launchpad:
status: Fix Committed → Fix Released
visibility: private → public
security vulnerability: yes → no
William Grant (wgrant)
Changed in launchpad:
status: Fix Released → Fix Committed
tags: added: bad-commit-12710 qa-bad
removed: qa-ok
Revision history for this message
William Grant (wgrant) wrote :

This caused a nasty regression, bug #746897. The fix is in EC2.

William Grant (wgrant)
tags: added: qa-ok
removed: bad-commit-12710 qa-bad
William Grant (wgrant)
Changed in launchpad:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.