- changed status to open
XSS Vulnerability after Editing Tags
After successfully editing tags (e.g. adding <script>alert("hallo")</script>
as tag) using the modal fast editing dialog, a "hallo" message pops up. Please fix.
Comments (13)
-
reporter -
Account Deleted - changed status to resolved
works here: 2e0d3d5
-
reporter Does not work
Tested using branch 2470
-
reporter - changed status to open
-
Account Deleted I double-checked this. On two different browsers I don't get alerts. hg status is clear and there are no outgoing changesets in Eclipse. I definitely changed the right file.
However I don't get alerts on Biblicious either. So if my changes are not yet on biblicious there could still be something wrong with my setup.
-
reporter The alert view pops up after clicking on save, not when opening the dialog.
-
reporter - removed responsible
-
reporter -
assigned issue to
-
assigned issue to
-
I changed the signs "<" and ">" to "&lt;" and "&gt;", later they get changed back. This way no alerts appear.
-
reporter I would suggest using jQuery's .text() method, which escapes the text by default. No need to use the string replace method.
-
reporter - changed status to resolved
refixed
#2495→ <<cset 8abb8f5fce53>>
-
reporter - changed milestone to 3.5
-
reporter - changed milestone to 3.5.0
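
An added illustration of the two approaches discussed in the comments above (not the project's code; all function names are hypothetical, and the tag value is the one from the issue description). It shows why a replace-and-change-back scheme is fragile if the restored value is ever concatenated into markup, and how escaping once at output, or jQuery's `.text()`, avoids that.

```javascript
// Constructed sample: the tag value quoted in the issue description.
const TAG = '<script>alert("hallo")</script>';

// Escape the characters that are significant in HTML text and attributes.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Hypothetical reverse step, standing in for "later they get changed back".
// '&amp;' is decoded last so that '&amp;lt;' is not decoded twice.
function unescapeHtml(s) {
  return s.replace(/&lt;/g, '<').replace(/&gt;/g, '>')
    .replace(/&quot;/g, '"').replace(/&#39;/g, "'")
    .replace(/&amp;/g, '&');
}

// Fragile: escaped on input, changed back later, then concatenated into markup.
// The element is active again as soon as the restored string reaches an HTML sink.
function renderAfterRoundTrip(tag) {
  const stored = escapeHtml(tag);
  return '<li class="tag">' + unescapeHtml(stored) + '</li>';
}

// Robust: keep the raw value as data and escape exactly once, at output.
function renderEscapedAtOutput(tag) {
  return '<li class="tag">' + escapeHtml(tag) + '</li>';
}

// Browser variant using jQuery's .text(), as suggested in the thread.
// `$list` is an assumed jQuery-wrapped <ul>; this needs a DOM, so it is
// defined here but not called.
function renderWithJQuery($list, tags) {
  $list.empty();
  tags.forEach((t) => $list.append($('<li class="tag">').text(t)));
}

console.log(renderAfterRoundTrip(TAG));   // markup restored
console.log(renderEscapedAtOutput(TAG));  // inert text
```
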