Context Navigation

Modify ↓

Ticket #817 (closed defect: fixed)

User names associated with ticket attachments are not HTML-escaped

Reported by:	cmlenz	Owned by:	jonas
Priority:	normal	Milestone:	0.8
Component:	ticket system	Version:	devel
Severity:	minor	Keywords:
Cc:
Release Notes:
API Changes:

Description

As can be seen on ticket #791 (as of this writing), the name of the user that has added an attachment to the ticket is not escaped. In particular, this is a problem with session names including the email address, such as Tom example <tom@example.com>. Here the email address in interpreted as a tag by browsers.

Attachments

Change History

comment:1 Changed 8 years ago by cmlenz

Resolution set to fixed
Status changed from new to closed

That appears to have been fixed in [913].

View ↑

Add a comment

You may use WikiFormatting here.

Modify Ticket

Change Properties

Summary:
Description:	You may use WikiFormatting here. As can be seen on ticket #791 (as of this writing), the name of the user that has added an attachment to the ticket is not escaped. In particular, this is a problem with session names including the email address, such as {{{Tom example <tom@example.com>}}}. Here the email address in interpreted as a tag by browsers.
Type:		Priority:
Milestone:		Component:
Version:		Severity:
Keywords:		Add/Remove from Cc:	<Author field>
Release Notes:
API Changes:

Action

leave as closed

reopen The resolution will be deleted. Next status will be 'reopened'

change ownership to The owner will be changed from jonas. Next status will be 'closed'

Author

Your email or username:

E-mail address and user name can be saved in the Preferences.

Attachments ↑

Note: See TracTickets for help on using tickets.

Download in other formats: