https://bugs.koozali.org/show_bug.cgi?id=11028

Jean-Philippe Pialasse <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #1 from Jean-Philippe Pialasse <[email protected]> ---
confirmed

sanitization is needed

<input value="echo " hello="" world""="" name="command" type="text"
size="50"></td>


will also bug (but not at the same level) if you add a , or if you add a |


for the "", we could HTML-encode before sending to the browser


for the , it is used to split the values


finally, the |, which is used to store in the db, is already refused

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
_______________________________________________
Mail for each SME Contribs bug report
To unsubscribe, e-mail [email protected]
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
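
The HTML-encoding idea from comment #1, as an added example that is not part of the bug report or of the Koozali code base: it renders the same input field with and without encoding and parses the markup back to show how the value attribute survives. The function names and the sample command are constructed for illustration; the comma and pipe handling mentioned in the comment is not covered here.

```python
from html import escape
from html.parser import HTMLParser

# Constructed sample: the kind of value that broke the field in comment #1.
SAMPLE = 'echo "hello world"'

TEMPLATE = '<input value="%s" name="command" type="text" size="50">'


class InputAttrs(HTMLParser):
    """Collect the attributes of the first <input> tag in the markup."""

    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if tag == "input" and self.attrs is None:
            self.attrs = dict(attrs)


def render_raw(command):
    # Unencoded interpolation: a double quote in the value closes the
    # attribute early and the rest is parsed as extra attributes.
    return TEMPLATE % command


def render_encoded(command):
    # quote=True also encodes " and ', so the value stays inside value="...".
    return TEMPLATE % escape(command, quote=True)


def parsed_attrs(markup):
    """Return the <input> attributes as an HTML parser sees them."""
    parser = InputAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs


if __name__ == "__main__":
    for render in (render_raw, render_encoded):
        markup = render(SAMPLE)
        print(render.__name__, markup, parsed_attrs(markup), sep="\n  ")
```

Encoding belongs at output time, when the stored value is written into the attribute; the parser decodes `&quot;` back to `"`, so the user sees the original command in the field.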