Context Navigation

Modify ↓

#817 closed defect (fixed)

User names associated with ticket attachments are not HTML-escaped

Reported by:	Christopher Lenz	Owned by:	Jonas Borgström
Priority:	normal	Milestone:	0.8
Component:	ticket system	Version:	devel
Severity:	minor	Keywords:
Cc:		Branch:
Release Notes:
API Changes:
Internal Changes:

Description

As can be seen on ticket #791 (as of this writing), the name of the user that has added an attachment to the ticket is not escaped. In particular, this is a problem with session names including the email address, such as Tom example <tom@example.com>. Here the email address in interpreted as a tag by browsers.

Attachments (0)

Change History (1)

comment:1 by Christopher Lenz, 20 years ago

Resolution:	→ fixed
Status:	new → closed

That appears to have been fixed in [913].

Modify Ticket

Change Properties

Summary:
Description:	As can be seen on ticket #791 (as of this writing), the name of the user that has added an attachment to the ticket is not escaped. In particular, this is a problem with session names including the email address, such as {{{Tom example <tom@example.com>}}}. Here the email address in interpreted as a tag by browsers. You may use WikiFormatting here.
Type:		Priority:
Milestone:		Component:
Version:		Severity:
Keywords:		Cc:	Set your email in Preferences
Branch:
Release Notes:
API Changes:
Internal Changes:

Action

leave as closed The owner will remain Jonas Borgström.

reopen The resolution will be deleted. Next status will be 'reopened'.

change ownership to The owner will be changed from Jonas Borgström to the specified user.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences .

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: