
Opened 4 years ago

Closed 4 years ago

#8580 closed defect (fixed)

Comments not properly escaped / script injection possibility

Reported by: anonymous
Owned by: richard
Priority: normal
Component: TracTicketChangelogPlugin
Severity: major
Keywords:
Cc:
Trac Release: 0.12

Description

The ChangeLog comment on the ticket view is not escaped, which, in addition to not showing "<text>" style comments, means it is possible to inject script tags.

Attachments (0)

Change History (1)

comment:1 Changed 4 years ago by richard

  • Resolution set to fixed
  • Status changed from new to closed

(In [9935]) Fixed #8580
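
The two symptoms named in the description (a "<text>" style comment not showing, and a script tag passing through), as an added example that is not the plugin's code and does not reproduce the change in [9935]. The row renderers, the sample changesets and the use of Python's `html.escape` are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed changeset rows (revision, author, commit message); not real data.
CHANGESETS = [
    (101, "alice", "Fix parsing of <text> placeholders"),
    (102, "bob", "Update docs <script>document.title='injected'</script>"),
]

ROW = "<tr><td>[%d]</td><td>%s</td><td>%s</td></tr>"


def render_row_unescaped(rev, author, message):
    """'Before' behaviour from the ticket: the comment goes into the page as-is."""
    return ROW % (rev, author, message)


def render_row_escaped(rev, author, message):
    """Hardened form: every untrusted field is HTML-escaped before interpolation."""
    return ROW % (rev, html.escape(author), html.escape(message))


class _Collector(HTMLParser):
    """Records the elements a parser creates and the text it would display."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_data(self, data):
        self.text.append(data)


def parse_rendered(markup):
    """Return (list of start tags, concatenated text) for a rendered row."""
    collector = _Collector()
    collector.feed(markup)
    collector.close()
    return collector.tags, "".join(collector.text)


if __name__ == "__main__":
    for row in CHANGESETS:
        for render in (render_row_unescaped, render_row_escaped):
            print(render.__name__, parse_rendered(render(*row)))
```

A regression test for a fix of this kind can assert exactly this: the rendered row contains only the template's own elements, and the commit message appears verbatim as text.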
