Open teamstudio opened 9 years ago
The same:
Also:
Also:
Also the same actual for both fields Task name and Task Description
The same for field Checklist Description at Plan checklists page
The same for field Responsibility description at Responsibilities page
The same for field "Message" on Updates page
Environment: Google Chrome 43.0.2357.81 m Windows 8.1 x64 Enterprise Continuity v 1.4.4 Account used: maxtestlioshared@gmail.com / Lovetesting1
Steps to reproduce:
Expected result: JS injection shouldn't be possible
Actual result: JS alert appears, so JS injection is possible via hazard name when user selects hazard during asset creation
2015-05-27 01h13_19.mp4