html tags are not escaped when presented in status information
Summary 0000074: html tags are not escaped when presented in status information
Description Html tags are not escaped when presented in status information which causes that status information page can be easily "broken" by feeding with weird html tags.
Attached screenshot shows the problem.
- Status changed from New to Feedback
Asked for more info on the upstream tracker
- Project changed from Core to Classic UI
- Category deleted (
- Assignee set to Meier
- Priority changed from Normal to Low
please look at it, and if this is not really important, close it.
- Status changed from Feedback to Closed
There is still no feedback from the original author.
Of course plugin output with HTML tags can break everything that is exactly the reason why it can be disabled.
Also available in: Atom