Context Navigation

Modify ↓

#8580 closed defect (fixed)

Comments not properly escaped / script injection possibility

Reported by:	anonymous	Owned by:	Richard Liao
Priority:	normal	Component:	TracTicketChangelogPlugin
Severity:	major	Keywords:
Cc:		Trac Release:	0.12

Description

The ChangeLog comment on the ticket view is not escaped which, in addition to not showing "<text>" style comments, means it is possible to inject script tags.

Attachments (0)

Change History (1)

comment:1 Changed 14 years ago by Richard Liao

Resolution:	→ fixed
Status:	new → closed

(In [9935]) Fixed #8580

Modify Ticket

Change Properties

Summary:
Type:	Priority:
Component:	Severity:
Keywords:	Cc:	Set your email in Preferences
Trac Release:

Action

leave as closed The owner will remain Richard Liao.

reopen The resolution will be deleted. Next status will be 'reopened'.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences.

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: