[Rt-devel] Any XSS issues?
Drew Taylor
taylor.andrew.j at gmail.com
Tue Jan 13 16:58:27 EST 2009
On Thu, Jan 8, 2009 at 11:57 PM, Jesse Vincent <jesse at bestpractical.com> wrote:
>
> On Thu, Jan 08, 2009 at 11:55:08PM +0000, Drew Taylor wrote:
>> The topic of XSS vulnerability came up in an internal discussion about
>> ... This tells me that there is
>> definitely some level of XSS prevention built into RT.
>
> There certainly is.
>
>> Any gotchas I should know about?
>
> Nope. As always, we do take security issues very seriously and would
Well, we did find one gotcha though I can't strictly call it RT's
fauly. Creating tickets through the web UI does successfully escape
malicious output, but that doesn't apply to tickets created via
RT::Client::REST. Is there a way I can get REST-generated tickets to
go through the same escaping as UI-generated tickets?
Thanks,
Drew
--
----------------------------------------------------------------
Drew Taylor * Web development & consulting
Email: drew at drewtaylor.com * Site implementation & hosting
Web : www.drewtaylor.com * perl/mod_perl/DBI/mysql/postgres
----------------------------------------------------------------
More information about the Rt-devel
mailing list