[rt-devel] I18N bug fixed
Jesse Vincent
jesse at bestpractical.com
Sun Mar 2 15:58:18 EST 2003
On Sat, Mar 01, 2003 at 05:01:59PM +0100, Jeroen Ruigrok/asmodai wrote:
> -On [20030228 22:35], Jesse Vincent (jesse at bestpractical.com) wrote:
> >http://www.cgisecurity.com/articles/xss-faq.shtml is the faq you want to
> >read. And change #253 (what will be 2.1.77) is the change in RT where I
> >finished implementing the fix. your bug report about the encoding sub
> >was the key to the solution. thanks.
>
> You sure you didn't introduce a bug here Jesse?
Introduce, no. Unmask, yes. The answer is not to just delete that code,
as it actually matters. Instead, 2.1.78 tests and untaints the data, if
it's safe.
--
http://www.bestpractical.com/rt -- Trouble Ticketing. Free.
More information about the Rt-devel
mailing list