[ZBX-13665] Item with value type char, text or log values are not properly escaped. Created: 2018 Mar 28  Updated: 2023 Mar 14  Resolved: 2023 Mar 14

Status: Closed
Project: ZABBIX BUGS AND ISSUES
Component/s: Frontend (F)
Affects Version/s: 4.0.0alpha6
Fix Version/s: None

Type: Problem report
Priority: Trivial
Reporter: Gregory Chalenko
Assignee: Zabbix Development Team
Resolution: Duplicate
Votes: 0
Labels: escaping, frontend, html
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File htmlentities_not_escaped.png    
Sprint: Sprint 98 (Mar 2023)

 Description   

Item values containing HTML entities are not properly escaped.
For example pages: Monitoring -> Latest data (list and single item values list), Monitoring -> Overview (item values list).

Steps to reproduce:

  1. Create trapper item with value type log, char or text.
  2. Send &quot=test as value
  3. Open latest data

Result:
Observed "=test as item last value
Expected:
&quot=test as item last value

Was moved from ZBXNEXT-4359
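
The symptom in the steps above, modelled as an added example (this is not Zabbix frontend code, and the Zabbix frontend itself is PHP). It assumes the value reaches the page without output encoding, uses Python's HTML5 character-reference decoding to stand in for the browser, and checks that an escaped cell displays every stored value unchanged. The function names and the sample values other than `&quot=test` are constructed for illustration.

```python
import html
from html.parser import HTMLParser


class _TextExtractor(HTMLParser):
    """Collects the text a browser would display, decoding character references."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.chunks = []

    def handle_data(self, data):
        self.chunks.append(data)


def displayed_text(markup):
    """Return the visible text of an HTML fragment, as a browser would show it."""
    parser = _TextExtractor()
    parser.feed(markup)
    parser.close()
    return "".join(parser.chunks)


def render_cell_raw(value):
    # Assumed model of the reported behaviour: value inserted into markup as-is.
    return "<td>" + value + "</td>"


def render_cell_escaped(value):
    # Output-encode at render time so '&' becomes '&amp;' and survives decoding.
    return "<td>" + html.escape(value, quote=True) + "</td>"


# Constructed sample item values; the first is the one from the report.
SAMPLES = ["&quot=test", "&lt;b&gt;", "&amp;", "plain text"]


def round_trip_failures(render):
    """Values whose displayed form differs from what was stored."""
    return [v for v in SAMPLES if displayed_text(render(v)) != v]


if __name__ == "__main__":
    for name, render in (("raw", render_cell_raw), ("escaped", render_cell_escaped)):
        print(name, "->", round_trip_failures(render))
```

`&quot` is decoded even without a trailing semicolon because it is one of the legacy named references HTML5 accepts in text, which is why the report sees `"=test`.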



 Comments   
Comment by richlv [ 2018 Mar 28 ]

ZBXNEXT-4358 has no (26).

this was edited - but ZBXNEXT-4359 still has no (26)

gcalenko Thank you, fixed issue description.

<richlv> ...it now references ZBXNEXT-4359, but that issue has no escaping problems mentioned.

for a casual onlooker - zabbix team has closed up and comments on issues from the team are secret now. the guess is that in ZBXNEXT-4359 there is a comment about this problem, just that nobody but the developers can see it.

my personal take is that this approach is detrimental for zabbix long-term. it is unlikely to change, though. nothing much can be done for this particular issue.

Comment by Glebs Ivanovskis (Inactive) [ 2018 Apr 04 ]

Hey, richlv, you should know that there is no equality between company's policy and employee's personal opinion. Typically employee cannot even afford such. Your comments here are not watched by those who can change the policy and may only lead to employees' desire to create tickets with restricted access instead of public ones to avoid such discussions. Be certain that company's current policy will not object to that.

Comment by richlv [ 2018 Apr 09 ]

glebs.ivanovskis, a very valid point. please let me reassure everybody that the intent has never been to stifle individual developers. quite the opposite, the effort of all the great individuals is highly appreciated. perhaps other communication channels are to be considered for such feedback.

Comment by Miks Kronkalns [ 2023 Mar 13 ]

Fixed in scope of ZBX-22386.

Generated at Thu Apr 25 19:50:06 EEST 2024 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.