[Bug 582211] New: escape html in request diff page
http://bugzilla.novell.com/show_bug.cgi?id=582211 http://bugzilla.novell.com/show_bug.cgi?id=582211#c0 Summary: escape html in request diff page Classification: openSUSE Product: openSUSE.org Version: unspecified Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: BuildService AssignedTo: coolo@novell.com ReportedBy: meissner@novell.com QAContact: adrian@novell.com CC: security-team@suse.de Found By: --- Blocker: --- the status - > requests diff view does not escape HTML correctly. (i reported one sample to coolo) this allows XSS etc , so please fix. reminder bug for coolo :) -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=582211
http://bugzilla.novell.com/show_bug.cgi?id=582211#c1
--- Comment #1 from Stephan Kulow
http://bugzilla.novell.com/show_bug.cgi?id=582211
http://bugzilla.novell.com/show_bug.cgi?id=582211#c4
--- Comment #4 from Stephan Kulow
http://bugzilla.novell.com/show_bug.cgi?id=582211
http://bugzilla.novell.com/show_bug.cgi?id=582211#c5
Stephan Kulow
http://bugzilla.novell.com/show_bug.cgi?id=582211
http://bugzilla.novell.com/show_bug.cgi?id=582211#c6
--- Comment #6 from Adrian Schröter
participants (1)
-
bugzilla_noreply@novell.com