- **private**: Yes --> No
--- ** [tickets:#8255] Escape html on wiki & blog diff views** **Status:** closed **Milestone:** unreleased **Labels:** security **Created:** Fri Oct 26, 2018 08:15 PM UTC by Dave Brondsema **Last Updated:** Fri Oct 26, 2018 08:59 PM UTC **Owner:** Dave Brondsema The code that generates diffs for the revision history viewing on blog posts & wiki pages, does not escape HTML. --- Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/ To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.
