Bug description
I recently had to import a finding with the following format, which I also imported in the demo instance (see https://demo.defectdojo.org/finding?vulnerability_id=test-123 and https://demo.defectdojo.org/finding/348)
=> example snippet in Sample scan files
When imported findings are shown, e.g., in the "All Findings" view, the & is displayed in the corresponding HTML encoding. When clicking on the detailed view, this encoding persists in the path but is decoded in the title
=> see picture in Screenshots
Steps to reproduce
Steps to reproduce the behavior:
- go to an engagement
- import the JSON snippet shown above
- wait for the import to finish and check the listed findings
Expected behavior
I would expect a consistent display of the information that doesn't show the HTML encodings.
Deployment method (select with an X)
Environment information
- Operating System: n/a
- Docker Compose or Helm version: n/a
- DefectDojo version (see footer) or commit message: v. 2.54.3
Logs
n/a
Sample scan files
{
  "findings": [
    {
      "cve": "test-123",
      "title": "When Doing This & That",
      "severity": "Medium",
      "cvssv3_score": 5.1,
      "cvssv3": "3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L",
      "description": "We were doing very, very interesting things and found some stuff."
    }
  ]
}
Screenshots
Additional context (optional)
Add any other context about the problem here.
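A literal `&amp;` on screen in one view and a plain `&` in another is the usual signature of text being HTML-escaped twice on one path and once on the other. The following is an added example, not DefectDojo code and not a diagnosis of this issue: it assumes a hypothetical importer that escapes before storing, uses `render` as a stand-in for template auto-escaping, and includes a check for stored values that already carry character references.

```python
import html
import re

# Named, decimal and hex character references, e.g. &amp; &#38; &#x26;
ENTITY_RE = re.compile(
    r"&(?:[A-Za-z][A-Za-z0-9]{1,31}|#[0-9]{1,7}|#[xX][0-9A-Fa-f]{1,6});"
)


def import_raw(title):
    """Store the scanner's text unchanged (escaping is left to output)."""
    return title


def import_escaping(title):
    """Hypothetical importer that escapes before storing (the anti-pattern)."""
    return html.escape(title, quote=True)


def render(stored):
    """Stand-in for a template engine's auto-escaping: escape once on output."""
    return html.escape(stored, quote=True)


def browser_text(markup):
    """What the user reads: the browser decodes the markup exactly once."""
    return html.unescape(markup)


def looks_pre_escaped(stored):
    """Flag stored text that already contains character references.

    A heuristic: a finding that legitimately quotes '&amp;' as text is
    flagged too, so treat hits as candidates for review, not proof.
    """
    return bool(ENTITY_RE.search(stored)) and html.unescape(stored) != stored


if __name__ == "__main__":
    title = "When Doing This & That"  # title from the sample scan file
    for importer in (import_raw, import_escaping):
        stored = importer(title)
        print(importer.__name__, "| stored:", stored,
              "| shown:", browser_text(render(stored)),
              "| pre-escaped:", looks_pre_escaped(stored))
```

Running `looks_pre_escaped` over stored titles and file paths separates records that were escaped at import time from those that only need output escaping.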