[rt-devel] I18N bug fixed

Stanislav Sinyagin ssinyagin at yahoo.com
Fri Feb 28 17:36:55 EST 2003


--- Jesse Vincent <jesse at bestpractical.com> wrote:
> 
> http://www.cgisecurity.com/articles/xss-faq.shtml is the faq you want to
> read. And change #253 (what will be 2.1.77) is the change in RT where I
> finished implementing the fix. your bug report about the encoding sub
> was the key to the solution. thanks.

so, only special characters need escaping, like &lt; and &gt;, and maybe few more.
I'll try and write the Mason escape handler for that on Monday... if 
nothing more urgent happens...

Nice weekend, 
Stan



More information about the Rt-devel mailing list