[rt-devel] I18N bug fixed
Stanislav Sinyagin
ssinyagin at yahoo.com
Fri Feb 28 17:36:55 EST 2003
--- Jesse Vincent <jesse at bestpractical.com> wrote:
>
> http://www.cgisecurity.com/articles/xss-faq.shtml is the faq you want to
> read. And change #253 (what will be 2.1.77) is the change in RT where I
> finished implementing the fix. your bug report about the encoding sub
> was the key to the solution. thanks.
so, only special characters need escaping, like < and >, and maybe few more.
I'll try and write the Mason escape handler for that on Monday... if
nothing more urgent happens...
Nice weekend,
Stan
More information about the Rt-devel
mailing list