Modify

Opened 6 years ago

Closed 6 years ago

#8580 closed defect (fixed)

Comments not properly escaped / script injection possibility

Reported by: anonymous Owned by: Richard Liao
Priority: normal Component: TracTicketChangelogPlugin
Severity: major Keywords:
Cc: Trac Release: 0.12

Description

The ChangeLog comment on the ticket view is not escaped which, in addition to not showing "<text>" style comments, means it is possible to inject script tags.

Attachments (0)

Change History (1)

comment:1 Changed 6 years ago by Richard Liao

Resolution: fixed
Status: newclosed

(In [9935]) Fixed #8580

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Richard Liao.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.