[rt-devel] I18N bug fixed

Jesse Vincent jesse at bestpractical.com
Sun Mar 2 15:58:18 EST 2003



On Sat, Mar 01, 2003 at 05:01:59PM +0100, Jeroen Ruigrok/asmodai wrote:
> -On [20030228 22:35], Jesse Vincent (jesse at bestpractical.com) wrote:
> >http://www.cgisecurity.com/articles/xss-faq.shtml is the FAQ you want to
> >read. And change #253 (what will be 2.1.77) is the change in RT where I
> >finished implementing the fix. Your bug report about the encoding sub
> >was the key to the solution. Thanks.
> 
> You sure you didn't introduce a bug here Jesse?

Introduce, no. Unmask, yes. The answer is not to just delete that code,
as it actually matters.  Instead, 2.1.78 tests and untaints the data, if
it's safe.




-- 
http://www.bestpractical.com/rt  -- Trouble Ticketing. Free.


