Opened 13 years ago

Closed 13 years ago

#8580 closed defect (fixed)

Comments not properly escaped / script injection possibility

Reported by: anonymous
Owned by: Richard Liao
Priority: normal
Component: TracTicketChangelogPlugin
Severity: major
Keywords:
Cc:
Trac Release: 0.12


The ChangeLog comment on the ticket view is not escaped, which, in addition to not showing "<text>" style comments, means it is possible to inject script tags.

Attachments (0)

Change History (1)

comment:1 Changed 13 years ago by Richard Liao

Resolution: fixed
Status: new → closed

(In [9935]) Fixed #8580
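
The two symptoms named in the ticket description, reproduced as an added example (this is not the plugin's code and not the [9935] change): a changelog comment interpolated into the ticket view unescaped loses its "<text>" and gains a script element, while the escaped form renders as plain text. The function names and the sample messages are hypothetical and constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Constructed sample changelog comments (not taken from the ticket).
SAMPLE_MESSAGES = [
    "Handle <text> nodes in the parser",
    "Refs #1 <script>void 0</script>",
]

def render_unescaped(message):
    """Behaviour the ticket describes: comment interpolated as-is."""
    return '<td class="comment">' + message + "</td>"

def render_escaped(message):
    """Hardened form: HTML metacharacters become entities first."""
    return '<td class="comment">' + escape(message, quote=True) + "</td>"

class _Inspector(HTMLParser):
    """Collects the element names and visible text an HTML parser derives."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_data(self, data):
        self.text.append(data)

def browser_view(html):
    """Return (element names, text content) for a rendered fragment."""
    parser = _Inspector()
    parser.feed(html)
    parser.close()
    return parser.tags, "".join(parser.text)

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        for render in (render_unescaped, render_escaped):
            tags, text = browser_view(render(msg))
            print(f"{render.__name__:17} tags={tags} text={text!r}")
```

In Trac templates the same effect comes from letting the template engine escape the value rather than passing it through as pre-built markup.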
