XSS Vulnerability after Editing Tags

Comments (13)

1. 

   Daniel Zoller reporter

   • changed status to open

   • 2015-05-20T17:11:15+00:00
2. 

   Former user Account Deleted

   • changed status to resolved

   

   works here: 2e0d3d5

   • 2015-05-29T09:32:41+00:00
3. 

   Daniel Zoller reporter

   Does not work

   Tested using branch 2470

   • 2015-05-29T11:21:05+00:00
4. 

   Daniel Zoller reporter

   • changed status to open

   • 2015-05-29T11:21:39+00:00
5. 

   Former user Account Deleted

   I double-checked this. On two different browsers I don't get alerts. hg status is clear and there are no outgoing changesets in eclipse. I definetely changed the right file.

   However I don't get alerts on Biblicious either. So if my changes are not yet on biblicious there could still be something wrong with my setup.

   • 2015-05-29T17:15:20+00:00
6. 

   Daniel Zoller reporter

   the alert view pops up after clicking on save not when opening the dialog

   • 2015-06-07T21:18:25+00:00
7. 

   Daniel Zoller reporter

   • removed responsible

   • 2015-06-16T20:43:01+00:00
8. 

   Daniel Zoller reporter

   • assigned issue to
     
     Jennifer Häfner

   • 2015-07-10T06:51:01+00:00
9. 

   Jennifer Häfner

   I changed the signs "<" and ">" to "<" and ">", later they get changed back. This way no alerts appear.

   • 2015-09-18T12:54:06+00:00
10. 

    Daniel Zoller reporter

    I would suggest to use jqueries .text() method which escapes the text by default. No need to use the string replace method.

    • 2015-09-18T13:15:28+00:00
11. 

    Daniel Zoller reporter

    • changed status to resolved

    refixed #2495

    → <<cset 8abb8f5fce53>>

    • 2016-01-24T21:19:06+00:00
12. 

    Daniel Zoller reporter

    • changed milestone to 3.5

    • 2016-01-24T21:21:53+00:00
13. 

    Daniel Zoller reporter

    • changed milestone to 3.5.0

    • 2016-02-24T17:23:23+00:00
14. Log in to comment