Reproduction scenario:
- Go to a kanban
- Type the character
( in the filter
Trace:
Uncaught SyntaxError: unterminated parenthetical
InPropertiesFilter in-properties-filter.js:22
InPropertiesFilter in-properties-filter.js:21
filterItems kanban-column-service.js:201
filterBacklogCards app-kanban-controller.js:230
filterCards app-kanban-controller.js:214
initFilter app-kanban-controller.js:178
dispatch tlp-8bc40e5e22d379219872.tlp-en_US.js:1
handle tlp-8bc40e5e22d379219872.tlp-en_US.js:1
add tlp-8bc40e5e22d379219872.tlp-en_US.js:1
Un tlp-8bc40e5e22d379219872.tlp-en_US.js:1
each tlp-8bc40e5e22d379219872.tlp-en_US.js:1
each tlp-8bc40e5e22d379219872.tlp-en_US.js:1
Un tlp-8bc40e5e22d379219872.tlp-en_US.js:1
on tlp-8bc40e5e22d379219872.tlp-en_US.js:1
initFilter app-kanban-controller.js:176
init app-kanban-controller.js:136
Angular 14
fe tlp-8bc40e5e22d379219872.tlp-en_US.js:1
ct tlp-8bc40e5e22d379219872.tlp-en_US.js:1
setTimeout handler*677/</Deferred/then/M/< tlp-8bc40e5e22d379219872.tlp-en_US.js:1
E tlp-8bc40e5e22d379219872.tlp-en_US.js:1
fireWith tlp-8bc40e5e22d379219872.tlp-en_US.js:1
fire tlp-8bc40e5e22d379219872.tlp-en_US.js:1
E tlp-8bc40e5e22d379219872.tlp-en_US.js:1
fireWith tlp-8bc40e5e22d379219872.tlp-en_US.js:1
ready tlp-8bc40e5e22d379219872.tlp-en_US.js:1
ft tlp-8bc40e5e22d379219872.tlp-en_US.js:1
677 tlp-8bc40e5e22d379219872.tlp-en_US.js:1
677 tlp-8bc40e5e22d379219872.tlp-en_US.js:1
677 tlp-8bc40e5e22d379219872.tlp-en_US.js:1
Tt tlp-8bc40e5e22d379219872.tlp-en_US.js:4
<anonymous> tlp-8bc40e5e22d379219872.tlp-en_US.js:8
<anonymous> tlp-8bc40e5e22d379219872.tlp-en_US.js:12
<anonymous> tlp-8bc40e5e22d379219872.tlp-en_US.js:12
in-properties-filter.js:22
Note: while this can be exploited to do a DoS it can only be triggered by the user itself, is contained to the browser tab and does not impact the integrity or confidentiality of the information.