Bug #5453: HTML Injection via comment/short description fields - Node Registration V2 - Fermilab Redmine

Bug #5453

HTML Injection via comment/short description fields

Added by Timothy Zingelman almost 6 years ago.

Status:

New

Priority:

Low

Assignee:

Start date:

02/15/2014

Due date:

% Done:

Estimated time:

Duration:

Description

We discussed this at a meeting. It is possible to insert HTML code into the comment and short description fields which then gets interpreted on the MISCOMP web forms.
I think simply changing every double-quote (") to a single-quote (') might 'fix' the issue.
This is LOW priority, as I just discovered that the existing MISCOMP web forms have the same problem!

Also available in: Atom PDF

Project

General

Profile

BIN » Node Registration V2

Issues

Custom queries

Bug #5453

HTML Injection via comment/short description fields