Ticket #68 (closed defect: duplicate)

Opened 3 years ago

Last modified 3 years ago

Malformed user name input not blocked by preferences template

Reported by: earle Owned by: dom
Priority: normal Milestone:
Component: openguides Version: svn
Severity: normal Keywords: templates cgi
Cc:

Description

If you put something like 

<a href="http://example.com/">Foo</a>

into the preferences page as your username, the edit form gets broken. (See attachment.) The username should be unescaped or some such before being set in the preferences cookie.

Attachments

broken_edit_form.png (11.9 kB) - added by earle 3 years ago.
Screenshot of broken edit form.

Change History

Changed 3 years ago by earle

Screenshot of broken edit form.

Changed 3 years ago by dom

  • status changed from new to closed
  • resolution set to duplicate
Note: See TracTickets for help on using tickets.