Modify ↓
#275 closed defect (fixed)
html processor should probably be disabled by default or operate in "safe" mode.
| Reported by: | Jonas Borgström | Owned by: | daniel |
|---|---|---|---|
| Priority: | highest | Milestone: | 0.7 |
| Component: | wiki system | Version: | 0.6.1 |
| Severity: | normal | Keywords: | |
| Cc: | Branch: | ||
| Release Notes: | |||
| API Changes: | |||
| Internal Changes: | |||
Description
The html processor could potentially be dangerous if malicious users embedd <embed>, <object> or <script> tags.
Attachments (0)
Change History (5)
comment:1 by , 22 years ago
| Priority: | high → normal |
|---|
comment:2 by , 22 years ago
| Priority: | normal → highest |
|---|
comment:3 by , 22 years ago
| Milestone: | 0.6.2 → 0.7 |
|---|
comment:4 by , 22 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:5 by , 22 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
Fixed in [479].
Could probably be improved.