Edgewall Software
Modify

Opened 15 years ago

Closed 15 years ago

Last modified 13 years ago

#817 closed defect (fixed)

User names associated with ticket attachments are not HTML-escaped

Reported by: Christopher Lenz Owned by: Jonas Borgström
Priority: normal Milestone: 0.8
Component: ticket system Version: devel
Severity: minor Keywords:
Cc: Branch:
Release Notes:
API Changes:

Description

As can be seen on ticket #791 (as of this writing), the name of the user that has added an attachment to the ticket is not escaped. In particular, this is a problem with session names including the email address, such as Tom example <tom@example.com>. Here the email address in interpreted as a tag by browsers.

Attachments (0)

Change History (1)

comment:1 by Christopher Lenz, 15 years ago

Resolution: fixed
Status: newclosed

That appears to have been fixed in [913].

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Jonas Borgström.
The resolution will be deleted. Next status will be 'reopened'.
to as closed The owner will be changed from Jonas Borgström to the specified user.

Add Comment


E-mail address and name can be saved in the Preferences .
 
Note: See TracTickets for help on using tickets.