[Rt-devel] Any XSS issues?
Drew Taylor
taylor.andrew.j at gmail.com
Thu Jan 8 18:55:08 EST 2009
Hi all,
The topic of XSS vulnerability came up in an internal discussion about
our pending upgrade to 3.8.x. We ran across a (very) old mailing list
post about RT 2 having XSS protections, nothing obvious since. Using
an "XSS scriptlet" one of the guys dug up I posted it into the message
box and created a new ticket. The resulting ticket displayed the
JavaScript exactly as I pasted it in. This tells me that there is
definitely some level of XSS prevention built into RT.
Any gotchas I should know about?
Drew
--
----------------------------------------------------------------
Drew Taylor * Web development & consulting
Email: drew at drewtaylor.com * Site implementation & hosting
Web : www.drewtaylor.com * perl/mod_perl/DBI/mysql/postgres
----------------------------------------------------------------