Security Bug: URLs not properly encoded in search results

Description

If the file name of a file committed to bitbucket includes a special character (e.g. "[". "<", or a quote) the links in the search results windows are broken. This appears to be because the URLs are not being URL-encoded or HTML encoded. This is a security issue because of attacks called Cross-Site-Scripting (XSS) where a malicious user adds can add his/her own javascript to a webpage that victims then view.

Environment

None

Assignee

Rytis Tarasevicius

Reporter

Mohammed Davoodi

Labels

None

Sprint

None

Priority

Medium
Configure