#2777: html processor trivially exploited to make pages completely unrenderable
--------------------------------+-------------------------------------------
Reporter: [EMAIL PROTECTED] | Owner: jonas
Type: defect | Status: new
Priority: high | Milestone:
Component: general | Version: 0.9.4
Severity: critical | Keywords:
--------------------------------+-------------------------------------------
By adding an invalid entity inside a section of markup using the html
processor, Trac can be made to render an error page with no content and no
buttons for undoing the damage. Presumably the page will remain in this
state until an admin manually fixes the database.
An example of this is:
{{{
{{{
#!html
&junk;
}}}
}}}
--
Ticket URL: <http://projects.edgewall.com/trac/ticket/2777>
The Trac Project <http://trac.edgewall.com/>
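
The failure mode reported above, sketched as an added example (not Trac's code and not part of the original ticket): it assumes the error comes from a strict XML parse of the `#!html` block raising on the undefined entity, and shows the block-level containment that keeps the rest of the page, including its edit link, renderable. All function names and the page template are hypothetical.

```python
# Added illustration, not Trac's implementation. Assumption: the embedded
# HTML block is parsed strictly, so an undefined entity raises an error.
import html
import re
import xml.etree.ElementTree as ET

# Matches a {{{ #!html ... }}} processor block; group 1 is the block body.
BLOCK = re.compile(r"\{\{\{\n#!html\n(.*?)\n\}\}\}", re.S)

def render_html_block(fragment):
    """Strict parse of the fragment; raises ET.ParseError on '&junk;'.
    Sanitising the markup is a separate step and is not modelled here."""
    root = ET.fromstring("<div>%s</div>" % fragment)
    return ET.tostring(root, encoding="unicode")

def render_block_contained(fragment):
    """Same parse, but a bad block becomes an escaped error box."""
    try:
        return render_html_block(fragment)
    except ET.ParseError as exc:
        return ('<div class="system-message">HTML block error: %s'
                '<pre>%s</pre></div>'
                % (html.escape(str(exc)), html.escape(fragment)))

def render_page(wiki_text, render_block):
    """Render a page; odd-indexed parts of the split are block bodies."""
    parts = BLOCK.split(wiki_text)
    out = [render_block(p) if i % 2 else html.escape(p)
           for i, p in enumerate(parts)]
    return ("<html><body>%s<a href='?action=edit'>Edit</a></body></html>"
            % "".join(out))

# Constructed sample page containing the block from the ticket.
SAMPLE = "{{{\n#!html\n&junk;\n}}}"

if __name__ == "__main__":
    try:
        render_page(SAMPLE, render_html_block)
    except ET.ParseError as exc:
        print("uncontained: whole page fails:", exc)
    print(render_page(SAMPLE, render_block_contained))
```

With the contained renderer the stored text is unchanged, so the page can still be opened for editing and the bad block removed without touching the database.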