[rt-devel] HTML escaping bug in Update.html / "security problem"

ivan ivan-rt-devel at 420.am
Fri Apr 5 08:47:29 EST 2002

See http://fsck.com/rt2/Ticket/Display.html?id=1330 (if it hasn't been
fixed already).

HTML escaping bugs are probably a "security problem" of sorts as a ticket
submitter (anonymous or with minimal permissions) can do all sorts of
nasty things to the browsers of those reading the tickets.


(p.s. mmmmm being an RT user... much better than hacking RT :)


More information about the Rt-devel mailing list