Bug #146
Add XSS protection
| Status: | Closed | Start: | 02/08/2010 | |
| Priority: | High | Due date: | ||
| Assigned to: | Patrick Guiran | % Done: | 100% |
|
| Category: | Internal | Spent time: | - | |
| Target version: | 0.8.2 | Estimated time: | 4.00 hours | |
Description
rename all dangerous HTML tag in comment, so that no effect occured when the comment is display.
exemple, which break page style:
<meta name="qrichtext" content="1" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<style type="text/css">
p, li { white-space: pre-wrap; }
</style>
History
02/10/2010 02:55 PM - Patrick Guiran
- Status changed from Assigned to Resolved
commit 22f53e7d0b2e00654557b2c2358943a801a93578
02/10/2010 02:55 PM - Patrick Guiran
- % Done changed from 0 to 100
03/12/2010 02:26 PM - Patrick Guiran
- Status changed from Resolved to Closed