[Tickets #9240] Re: XSS: Mailbox name not encoded properly
bugs at horde.org
Wed Sep 8 16:53:58 UTC 2010
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/9240
------------------------------------------------------------------------------
Ticket | 9240
Updated By | Git Commit <commits at lists.horde.org>
Summary | XSS: Mailbox name not encoded properly
Queue | DIMP
Version | FRAMEWORK_3
Type | Bug
State | Assigned
Priority | 3. High
Milestone | 1.1.5
Patch |
Owners | Michael Slusarz
------------------------------------------------------------------------------
Git Commit <commits at lists.horde.org> (2010-09-08 12:53) wrote:
Changes have been made in Git for this ticket:
Bug #9240: properly escape elements in dimp.
Escape mailbox label since it is directly inserted into page in the
message list title bar.
Escape growler message because it may include user submitted input.
http://git.horde.org/diff.php/imp/docs/CHANGES?rt=horde-git&r1=7ce7ed91b17089d0468c00ae9f743b58516d9bef&r2=48913cf3af81875d6e5c6f32e030c5913f22f25d
http://git.horde.org/diff.php/imp/js/dimpcore.js?rt=horde-git&r1=1d4ab4eae68e0b38ed57f251079ab5341547e2b4&r2=48913cf3af81875d6e5c6f32e030c5913f22f25d
http://git.horde.org/diff.php/imp/lib/Views/ListMessages.php?rt=horde-git&r1=b496687e2e71f3ebaecdff5ee49561fbfc1c74cb&r2=48913cf3af81875d6e5c6f32e030c5913f22f25d
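
The kind of fix the commit message describes, as an added JavaScript illustration. It is not the Horde commit and not code from dimpcore.js; every function name and the sample mailbox name are constructed for this example. It contrasts inserting a mailbox label into title-bar markup as-is with escaping it at the point of insertion, and applies the same escaping to a notification message.

```javascript
// Added illustration; all names are hypothetical, not taken from dimpcore.js.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can change the HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// "Before" form: the mailbox label is concatenated into markup unchanged.
function titleBarUnsafe(label) {
  return '<span class="title">' + label + '</span>';
}

// "After" form: the label is escaped where it enters the markup.
function titleBarSafe(label) {
  return '<span class="title">' + escapeHtml(label) + '</span>';
}

// Notification text: the template is fixed, every variable part is escaped.
function growlMessage(mailbox, count) {
  return '<div class="growl">' + escapeHtml(count) + ' new message(s) in ' +
    escapeHtml(mailbox) + '</div>';
}

// Regression check: list opening tags in rendered markup that are not allowed.
function unexpectedTags(html, allowed) {
  const found = [];
  const re = /<\s*([a-zA-Z][a-zA-Z0-9]*)/g;
  let m;
  while ((m = re.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    if (!allowed.includes(tag)) found.push(tag);
  }
  return found;
}

// Constructed sample: a mailbox name that carries markup and quotes.
const sample = 'Reports <b onmouseover="x">Q3</b> & "drafts"';
console.log(unexpectedTags(titleBarUnsafe(sample), ['span'])); // [ 'b' ]
console.log(unexpectedTags(titleBarSafe(sample), ['span']));   // []
console.log(titleBarSafe(sample));
```

The `unexpectedTags` helper is a test aid for catching regressions in rendered output, not a sanitizer; the protection comes from escaping at the insertion point.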