Hi, Stuart, the way we have chosen to approach this issue is to stop the JSPUI from rendering any "special characters," not prevent their entry. Are you saying that the JSPUI still renders the HTML you enter in a profile field?
--Hardy Sent from my iPad On Aug 19, 2013, at 7:32 AM, "stuart.wood" <[email protected]> wrote: > Hi, > > I've upgraded to 1.8.3 from 1.8.1, but i'm still able to enter HTML tags in > the edit profile field when logged in to dspace. I looked at the > coverity-security-library and see that the expected functionality is that > these tags are replaced by HTML code counterparts. > > Any thoughts? > > Thanks, > > Stuart > > > > -- > View this message in context: > http://dspace.2283337.n4.nabble.com/Announcing-DSpace-1-8-3-Release-provides-a-JSPUI-security-patch-to-1-8-x-platform-tp4665927p4666673.html > Sent from the DSpace - Devel mailing list archive at Nabble.com. > > ------------------------------------------------------------------------------ > Get 100% visibility into Java/.NET code with AppDynamics Lite! > It's a free troubleshooting tool designed for production. > Get down to code-level detail for bottlenecks, with <2% overhead. > Download for free and get started troubleshooting in minutes. > http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk > _______________________________________________ > Dspace-devel mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/dspace-devel ------------------------------------------------------------------------------ Get 100% visibility into Java/.NET code with AppDynamics Lite! It's a free troubleshooting tool designed for production. Get down to code-level detail for bottlenecks, with <2% overhead. Download for free and get started troubleshooting in minutes. http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk _______________________________________________ Dspace-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dspace-devel
