URL: <http://savannah.gnu.org/support/?109428>
Summary: Comment preview does not escape HTML
Project: Savannah Administration
Submitted by: dscorbett
Submitted on: Fri 15 Dec 2017 07:31:19 PM UTC
Category: Savannah trackers - bugs, tasks, etc.
Priority: 5 - Normal
Severity: 3 - Normal
Status: None
Assigned to: None
Originator Email:
Operating System: None
Open/Closed: Open
Discussion Lock: Any

_______________________________________________________

Details:

Previewing a comment copies its contents verbatim into the preview page without escaping special HTML characters. For example, try previewing “<script>alert(1)</script>”.

_______________________________________________________

Reply to this item at:

<http://savannah.gnu.org/support/?109428>

_______________________________________________

Message sent via/by Savannah
http://savannah.gnu.org/