
Opened 6 years ago

Closed 6 years ago

#8580 closed defect (fixed)

Comments not properly escaped / script injection possibility

Reported by: anonymous
Owned by: Richard Liao
Priority: normal
Component: TracTicketChangelogPlugin
Severity: major
Keywords:
Cc:
Trac Release: 0.12

Description

The ChangeLog comment on the ticket view is not escaped, which, in addition to not showing "<text>" style comments, means it is possible to inject script tags.

Attachments (0)

Change History (1)

comment:1 Changed 6 years ago by Richard Liao

Resolution: fixed
Status: new → closed

(In [9935]) Fixed #8580
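
The behaviour reported in this ticket, as an added example that is not code from TracTicketChangelogPlugin or from changeset [9935]: a changelog row rendered with and without HTML escaping, plus a parser-based check usable as a regression test. The function names, the row markup and the sample comments are assumptions constructed for illustration.

```python
# Added illustration; not the plugin's template or the fix in [9935].
from html import escape
from html.parser import HTMLParser

# Constructed sample changelog comments (not taken from the ticket).
SAMPLE_COMMENTS = [
    "Use <text> placeholders in the template",
    "Tidy up <script>void 0</script> handling",
]

ROW = '<tr><td class="rev">%s</td><td class="msg">%s</td></tr>'  # hypothetical markup
ALLOWED_TAGS = {"tr", "td"}  # the only elements the row template itself emits


def render_row_unescaped(rev, comment):
    """'Before' form: the comment is interpolated into the markup verbatim."""
    return ROW % (rev, comment)


def render_row_escaped(rev, comment):
    """Hardened form: every value is HTML-escaped before interpolation."""
    return ROW % (escape(str(rev)), escape(comment, quote=True))


class _Collector(HTMLParser):
    """Records the element tags and the text an HTML parser sees."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_data(self, data):
        self.text.append(data)


def audit(html_row):
    """Return (tags not emitted by the template, visible text) for one row."""
    parser = _Collector()
    parser.feed(html_row)
    parser.close()
    return sorted(set(parser.tags) - ALLOWED_TAGS), "".join(parser.text)


if __name__ == "__main__":
    for comment in SAMPLE_COMMENTS:
        for render in (render_row_unescaped, render_row_escaped):
            print(render.__name__, audit(render(1, comment)))
```

Any tag outside `ALLOWED_TAGS` in the audit result means comment text was parsed as markup, which covers both symptoms in the report: the missing "<text>" and the injected script element.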
