[rt-devel] HTML escaping bug in Update.html / "security problem"
ivan
ivan-rt-devel at 420.am
Fri Apr 5 08:47:29 EST 2002
See http://fsck.com/rt2/Ticket/Display.html?id=1330 (if it hasn't been
fixed already).
HTML escaping bugs are probably a "security problem" of sorts as a ticket
submitter (anonymous or with minimal permissions) can do all sorts of
nasty things to the browsers of those reading the tickets.
Thanks!
(p.s. mmmmm being an RT user... much better than hacking RT :)
--
_ivan
More information about the Rt-devel
mailing list