Ezio Melotti <ezio.melo...@gmail.com> added the comment:

Now the XSS vulnerability should be fixed (see #411), e.g.:
issue?@template=<b>xss</b>
issue?@ok_message=<script>alert('xss');</script>
issue?@error_message=<script>alert('xss');</script>

The ok_message supports a few tags, like <b> and <br>, but not <script>.
If you can find any way to make the script work, please reopen this.

----------
assignedto:  -> ezio.melotti
status: chatting -> resolved

_______________________________________________________
PSF Meta Tracker <metatrac...@psf.upfronthosting.co.za>
<http://psf.upfronthosting.co.za/roundup/meta/issue296>
_______________________________________________________
_______________________________________________
Tracker-discuss mailing list
Tracker-discuss@python.org
http://mail.python.org/mailman/listinfo/tracker-discuss
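
One way to get the behaviour described in the comment above (a few formatting tags rendered, everything else inert), as an added example that is not part of the original message and is not Roundup's own code. The function name, the two-tag allowlist and the sample strings are assumptions made for illustration.

```python
import html
import re

# Assumption: the allowlist holds only the two tags the comment names.
ALLOWED_TAGS = ("b", "br")

# Matches an *escaped* bare tag: &lt;b&gt;, &lt;/b&gt;, &lt;br&gt;, &lt;br/&gt;.
# No attributes are accepted, so event handlers such as onclick= are never
# turned back into live markup.
_BARE_TAG = re.compile(
    r"&lt;(/?)(%s)\s*(/?)&gt;" % "|".join(ALLOWED_TAGS), re.IGNORECASE
)


def _restore(match):
    closing, name, self_closing = match.group(1), match.group(2), match.group(3)
    if closing and self_closing:
        return match.group(0)  # malformed "</b/>": leave it escaped
    return "<%s%s%s>" % (closing, name.lower(), self_closing)


def render_message(raw):
    """Escape the whole value first, then re-enable only allowlisted bare tags.

    Escaping first means anything the pattern does not recognise stays inert
    text; the allowlist can only ever add back known-safe markup.
    """
    escaped = html.escape(raw, quote=True)
    return _BARE_TAG.sub(_restore, escaped)


if __name__ == "__main__":
    # Constructed sample values for an @ok_message style parameter.
    for sample in (
        "<b>saved</b><br>",
        "<script>alert('xss');</script>",
        '<b onclick="x()">hi</b>',
    ):
        print(render_message(sample))
```

The template has to emit the returned string without escaping it a second time, and every other request parameter reflected into the page still needs plain escaping.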
