Ticket #1195 (closed defect: fixed)

Opened 2 years ago

Last modified 2 years ago

r4098 introduces a security issue

Reported by: ddebernardy
Owned by:
Priority: major
Milestone: 0.7
Component: Habari Core Software
Version: SVN
Keywords:
Cc:

Description

If untrusted users are inserting tags, r4098 introduces the possibility of crafting tags that allow scripts to be injected:

mytag" onclick="alert('xss');"

Change History

comment:1 Changed 2 years ago by ddebernardy

related: #1197

comment:2 Changed 2 years ago by rickc

  • Status changed from new to closed
  • Resolution set to fixed

Fixed in r4102.
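
The payload in the description closes a double-quoted HTML attribute and appends an event handler. The Python sketch below is an added illustration, not Habari code and not the r4098 or r4102 changes (this page does not show them): it assumes the tag text is written into the `title` attribute of a link, and uses a parser to check that escaping on output keeps the whole tag inside the attribute value. The function names and the `/tag/x` URL are hypothetical.

```python
from html import escape
from html.parser import HTMLParser

# Tag text quoted in the ticket description.
TICKET_TAG = "mytag\" onclick=\"alert('xss');\""


def render_unescaped(tag):
    # Assumed vulnerable pattern: tag text concatenated into a quoted attribute.
    return '<a href="/tag/x" title="' + tag + '">tag</a>'


def render_escaped(tag):
    # quote=True encodes & < > " and ', so the value cannot end the attribute,
    # whether the template uses double or single quotes around it.
    return '<a href="/tag/x" title="' + escape(tag, quote=True) + '">tag</a>'


class AttrCollector(HTMLParser):
    """Collects the attributes a parser actually sees on <a> elements."""

    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.attrs.update(attrs)


def parsed_attributes(markup):
    collector = AttrCollector()
    collector.feed(markup)
    collector.close()
    return collector.attrs


def has_event_handler(markup):
    # Event-handler attributes (onclick, onmouseover, ...) all start with "on".
    return any(name.startswith("on") for name in parsed_attributes(markup))


if __name__ == "__main__":
    for render in (render_unescaped, render_escaped):
        markup = render(TICKET_TAG)
        print(render.__name__, sorted(parsed_attributes(markup)),
              "event handler:", has_event_handler(markup))
```

A check of this shape works as a regression test: feed stored tag text through the real template and fail the build if the parsed element carries any attribute the template did not write.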
