Ticket #8580 (closed defect: fixed)

Opened 2 years ago

Last modified 2 years ago

Comments not properly escaped / script injection possibility

Reported by: anonymous Assigned to: richard
Priority: normal Component: TracTicketChangelogPlugin
Severity: major Keywords:
Cc: Trac Release: 0.12

Description

The ChangeLog? comment on the ticket view is not escaped which, in addition to not showing "<text>" style comments, means it is possible to inject script tags.

Attachments

Change History

03/09/11 12:11:54 changed by richard

  • status changed from new to closed.
  • resolution set to fixed.

(In [9935]) Fixed #8580

Add/Change #8580 (Comments not properly escaped / script injection possibility)




Change Properties
Action