Edgewall Software

Opened 18 years ago

Closed 18 years ago

Last modified 16 years ago

#817 closed defect (fixed)

User names associated with ticket attachments are not HTML-escaped

Reported by: Christopher Lenz Owned by: Jonas Borgström
Priority: normal Milestone: 0.8
Component: ticket system Version: devel
Severity: minor Keywords:
Cc: Branch:
Release Notes:
API Changes:
Internal Changes:


As can be seen on ticket #791 (as of this writing), the name of the user that has added an attachment to the ticket is not escaped. In particular, this is a problem with session names including the email address, such as Tom example <tom@example.com>. Here the email address in interpreted as a tag by browsers.

Attachments (0)

Change History (1)

comment:1 by Christopher Lenz, 18 years ago

Resolution: fixed
Status: newclosed

That appears to have been fixed in [913].

Modify Ticket

Change Properties
Set your email in Preferences
as closed The owner will remain Jonas Borgström.
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from Jonas Borgström to the specified user.

Add Comment

E-mail address and name can be saved in the Preferences .
Note: See TracTickets for help on using tickets.