[Rt-devel] Any XSS issues?

Jerrad Pierce jpierce at cambridgeenergyalliance.org
Wed Jan 14 00:17:24 EST 2009


> Well, we did find one gotcha though I can't strictly call it RT's
> fauly. Creating tickets through the web UI does successfully escape
> malicious output, but that doesn't apply to tickets created via
> RT::Client::REST. Is there a way I can get REST-generated tickets to
> go through the same escaping as UI-generated tickets?
This module's not supported by Best Practical, and closer to unsupported
right now. Dmitri et al. are handing out commit bits for google code (ick,
one of the reasons I've not yet made some fixes) if you're interested.
Otherwise, you could submit a patch on rt.cpan.org

-- 
Cambridge Energy Alliance: Save money. Save the planet.


More information about the Rt-devel mailing list