View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000434 | Main CAcert Website | website content | public | 2007-04-19 16:55 | 2013-10-22 21:12 |
| Reporter | law | Assigned To | INOPIAE | ||
| Priority | low | Severity | tweak | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Fixed in Version | 2013 Q4 | ||||
| Summary | 0000434: Formatting of news on start page | ||||
| Description | Please provide general support for formatting news on the start page so that paragraphs and hyperlinks are supported. | ||||
| Tags | No tags attached. | ||||
| Reviewed by | |||||
| Test Instructions | |||||
|
|
If you can provide a way that solves XSS attacks 100%, we can talk about it. |
|
|
If the news page is using $_GET['id'] then one can use (int)$_GET['id'] and preg_match() to check that its only a integer. Also if bbcode or wikicode and strip_tags() and html_entities() then it will be possible to avoid XSS |
|
|
fixed in the mean time by other bug fixes. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2007-04-19 16:55 | law | New Issue | |
| 2007-04-19 19:41 | Sourcerer | Note Added: 0000834 | |
| 2007-04-28 03:14 | erstazi | Note Added: 0000841 | |
| 2007-04-28 03:17 | erstazi | Note Edited: 0000841 | |
| 2007-06-25 09:15 | evaldo | Priority | normal => low |
| 2007-06-25 09:15 | evaldo | Status | new => confirmed |
| 2013-01-08 04:55 | Werner Dworak | Relationship added | related to 0000067 |
| 2013-01-08 04:56 | Werner Dworak | Status | confirmed => needs work |
| 2013-10-22 21:12 | INOPIAE | Note Added: 0004403 | |
| 2013-10-22 21:12 | INOPIAE | Status | needs work => closed |
| 2013-10-22 21:12 | INOPIAE | Assigned To | => INOPIAE |
| 2013-10-22 21:12 | INOPIAE | Resolution | open => fixed |
| 2013-10-22 21:12 | INOPIAE | Fixed in Version | => 2013 Q4 |
