savannah-hackers

[savannah-help-public] [sr #109428] Comment preview does not escape HTML


From: David Corbett
Subject: [savannah-help-public] [sr #109428] Comment preview does not escape HTML
Date: Fri, 15 Dec 2017 14:31:21 -0500 (EST)
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:52.0) Gecko/20100101 Firefox/52.0

URL:
  <http://savannah.gnu.org/support/?109428>

                 Summary: Comment preview does not escape HTML
                 Project: Savannah Administration
            Submitted by: dscorbett
            Submitted on: Fri 15 Dec 2017 07:31:19 PM UTC
                Category: Savannah trackers - bugs, tasks, etc.
                Priority: 5 - Normal
                Severity: 3 - Normal
                  Status: None
             Assigned to: None
        Originator Email: 
        Operating System: None
             Open/Closed: Open
         Discussion Lock: Any

    _______________________________________________________

Details:

Previewing a comment copies its contents verbatim into the preview page
without escaping special HTML characters. For example, try previewing
“<script>alert(1)</script>”.




    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/support/?109428>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
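
The class of fix this report calls for, as an added example in PHP that is not part of the original message and is not Savane's code: the preview is shown copying the comment verbatim, then encoding it before output. All function names are hypothetical, and the textarea that re-displays the draft is an assumption about the preview page, included because it is a second place the same text is written out.

```php
<?php
// Added example: hypothetical function names, not Savane's code.

// Flags: encode & < > " ' and replace invalid UTF-8 rather than returning ''.
const ESC_FLAGS = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;

function esc(string $text): string
{
    return htmlspecialchars($text, ESC_FLAGS, 'UTF-8');
}

// Behaviour described in the report: the comment reaches the page verbatim.
function render_preview_unsafe(string $comment): string
{
    return '<div class="preview">' . $comment . '</div>';
}

// Escape first, then add the only markup the template intends (line breaks).
function render_preview_safe(string $comment): string
{
    return '<div class="preview">' . nl2br(esc($comment), false) . '</div>';
}

// Assumption: the preview page also puts the draft back into the edit box.
// That is a second output sink and needs the same encoding.
function render_edit_box(string $comment): string
{
    return '<textarea name="comment">' . esc($comment) . '</textarea>';
}

// True when stripping the template's tags and decoding entities gives back
// exactly what the user typed, i.e. the input contributed no markup.
function round_trips(string $html, string $comment): bool
{
    return html_entity_decode(strip_tags($html), ESC_FLAGS, 'UTF-8') === $comment;
}

// Constructed inputs; the first is the string quoted in the report.
$samples = ['<script>alert(1)</script>', "1 < 2 && \"x\" > 'y'\nsecond line"];
foreach ($samples as $s) {
    foreach (['render_preview_unsafe', 'render_preview_safe', 'render_edit_box'] as $fn) {
        $html = $fn($s);
        printf("%-22s inert=%s  %s\n", $fn, round_trips($html, $s) ? 'yes' : 'NO', $html);
    }
}
```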



