[Tickets #8552] Re: It's possible to inject javascript on Kronolith
bugs at horde.org
Wed Jan 13 00:11:03 UTC 2010
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/8552
------------------------------------------------------------------------------
Ticket | 8552
Updated By | CVS Commit <cvs at lists.horde.org>
Summary | It's possible to inject javascript on Kronolith
Queue | Kronolith
Version | Git master
Type | Bug
State | Resolved
Priority | 1. Low
Milestone |
Patch |
Owners | Jan Schneider
------------------------------------------------------------------------------
CVS Commit <cvs at lists.horde.org> (2010-01-12 19:11) wrote:
Changes have been made in Git for this ticket:
Element.update() and Element.insert() don't escape content and eval
scripts automatically. Escape any plain text being inserted (Bug #8552).
http://git.horde.org/diff.php/kronolith/js/kronolith.js?rt=horde-git&r1=fabc16d8ac224bbcf5fbe2f5ff4ac26af563d69c&r2=62b96aed490816b1f2a5c7334ab21bb324455df9
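What the commit message describes, modeled in plain JavaScript as an added example (not code from Kronolith or Prototype). `escapeHTML` performs the same three replacements as Prototype's `String#escapeHTML`, `extractScripts` is a simplified stand-in for the script evaluation step, and the `renderEvent*` helpers and the sample title are hypothetical.

```javascript
// Added example: why plain text must be escaped before it is handed to
// Element.update()/Element.insert(), which treat strings as HTML and
// evaluate any <script> blocks they contain.

// Same three replacements Prototype's String#escapeHTML performs.
function escapeHTML(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Simplified stand-in (assumption) for the library's script extraction:
// every <script> body returned here is one the library would evaluate.
function extractScripts(html) {
  const re = /<script[^>]*>([\S\s]*?)<\/script\s*>/gi;
  const bodies = [];
  let m;
  while ((m = re.exec(html)) !== null) bodies.push(m[1]);
  return bodies;
}

// Hypothetical helpers: build the markup for one calendar entry.
function renderEventUnsafe(title) {
  return '<div class="event">' + title + '</div>';
}
function renderEventSafe(title) {
  return '<div class="event">' + escapeHTML(title) + '</div>';
}

// Constructed sample input: an event title supplied by another user.
const SAMPLE_TITLE = 'Team sync <script>alert(document.domain)</script> & notes';

// Compare what would reach update()/insert() with and without escaping.
function demo() {
  const unsafeHtml = renderEventUnsafe(SAMPLE_TITLE);
  const safeHtml = renderEventSafe(SAMPLE_TITLE);
  return {
    unsafeHtml,
    unsafeScripts: extractScripts(unsafeHtml), // one script body survives
    safeHtml,
    safeScripts: extractScripts(safeHtml),     // nothing left to evaluate
  };
}

console.log(demo());
```

This escaping is sufficient for text placed between element tags; values placed inside HTML attributes also need their quote characters escaped.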