-
Notifications
You must be signed in to change notification settings - Fork 821
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Consumer Group Id is not html escaped in the UI #641
Comments
Hey @davideicardi, I tried to investigate this issue and following are my findings,
I started looking into the code recently, I could be wrong with my analysis. Feel free to correct me and guide for the same. Looking forward to contribute more with this project. Let me know if any further investigation is required. ![]() ![]() |
Thank you @aakashthakare! |
Hello @davideicardi, thanks for the response. Yes, need to fix from server side. The URL |
What if you pass it as URL encoded? (not HTML encoded ...) |
It will solve upto some extent, not completely. For example, consumer group id is One way is to do Bse64 encoding/decoding of the groupId, but need to see how we can decode it to display the readable consumer id. Check out this commit. |
This issue is stale because it has been open for 30 days with no activity. |
I have received a bug report from "d.morozov" regarding how consumer group id is displayed inside the UI. It looks like it is not html escaped so potentially it can break the UI or we can have have security issues.
Verify if this is true and how we can fix it.
The text was updated successfully, but these errors were encountered: