bugreport.java.com has multiple issues

some-java-user-99206970363698485155 at vodafonemail.de some-java-user-99206970363698485155 at vodafonemail.de
Sun Sep 20 21:33:22 UTC 2020 

Hello,
I am writing this here because, while `web-discuss` appears to be more appropriate, it looks like no 
one is actually reading (or at least responding to) any of the mails there.

https://bugreport.java.com/bugreport/submit_start.do has multiple issues which makes reporting bugs 
annoying, it would be good if they could be fixed:
1. When you press "Submit" but the report is missing required information (other than "Submitter 
Information") the encoding of text you have already written is messed up if it is non-ASCII. To 
reproduce:
  1. Open https://bugreport.java.com/bugreport/submit_start.do
  2. Enter all "Submitter Information" (values do not matter) and enter any captcha value
  3. Use non-ASCII text in any of the other fields, e.g. use "öä" as "Synopsis"
  4. Press "Submit"
  5. Look at the "Synopsis" again -> It is now "öä"
2. When you press "Submit" but the report is missing required information (other than "Submitter 
Information") it can cause HTML injection. To reproduce:
  1. Open https://bugreport.java.com/bugreport/submit_start.do
  2. Enter all "Submitter Information" (values do not matter) and enter any captcha value
  3. Use `'<'` as "Description"
  4. Press "Submit"
  5. Look at the "Description" again -> It now contains the HTML code of the "Reproducing the Issue" 
     steps
3. Transformation to Jira issue messes up encoding. It appears regardless of issue 1, when the report 
contains non-ASCII text, the content ends up message up on Jira. E.g. when using `§` in the 
description it becomes `§` on Jira. There are dozens of issues where this is visible and it likely 
makes anything encoding related pretty difficult to review by the JDK developers.
4. "Operating System" is always required, even when reporting documentation issues which are OS 
independent.
5. "Company" as part of "Submitter Information" is marked as required even though its value does not 
matter. This field should be optional.
(6.) The "Oracle" logo in the top left corner has a different background color than the surrounding, making it look rather weird. (It has a slightly brighter gray and has partially even a complete white 
background.)
(7.) When the page is experiencing technical difficulties, it redirects to HTTP site. See also 
https://mail.openjdk.java.net/pipermail/web-discuss/2020-July/000581.html
(8.) It appears when selecting the separators "--- EARLY ACCESS RELEASES ---" or "--- EARLIER 
RELEASES ---" as "Java Release" they are considered valid versions; at least the yellow "Please 
complete the required fields listed below" warning box does not complain about them.

Kind regards

More information about the discuss mailing list