[TYPO3-typo3org] Revision texts on Forge is not htmlspecialchar'ed
Peter Klein
peter at umloud.dk
Mon Apr 20 18:06:43 CEST 2009
On one of my projects at Forge, one of the members made an update, and in
the revision text he entered an HTML <script> tag.
This is then displayed in the Overview under "Recent activities", but is not
passed through htmlspecialchars. As a result, the <script> tag is executed
on the overview page.
On my project it results in a "<script>blah. bla..." without an ending
</script>, so all code after the revision is treated as code inside the
script tag. (No output)
Project with <script> tag in the revision text. (Notice that the Members
list is gone, but is still present in the HTML source.)
http://forge.typo3.org/projects/show/extension-t3mootools
I'm not sure who is maintaining Forge, so I decided to write the bug report
here... ;)
--
Peter
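As an added illustration, not part of Peter's report or of Forge's own code, the following Ruby sketch renders a project page both ways: raw interpolation, where the unterminated <script> from the revision text swallows the members list, and output escaping with CGI.escapeHTML, Ruby's counterpart to PHP's htmlspecialchars. The revision text and member names are constructed sample data.

```ruby
require 'cgi'

# Constructed sample data standing in for a Forge project page: one
# attacker-controlled revision message with no closing </script>, followed
# by the members list that the report says vanished from the rendered page.
REVISION_TEXT = 'Fixed caching <script>blah. bla...'
MEMBERS       = %w[alice bob carol].freeze

# Page template: the revision HTML is dropped in as given by the caller,
# the member names are always escaped.
def render(revision_html, members)
  items = members.map { |m| "<li>#{CGI.escapeHTML(m)}</li>" }.join
  "<div id=\"activity\">#{revision_html}</div>" \
    "<ul id=\"members\">#{items}</ul>"
end

# Vulnerable rendering: revision text interpolated without escaping.
def render_unescaped(revision, members)
  render(revision, members)
end

# Hardened rendering: escape on output, so <script> arrives in the
# browser as &lt;script&gt; and is shown as text, not parsed as a tag.
def render_escaped(revision, members)
  render(CGI.escapeHTML(revision), members)
end

# Minimal model of how a browser treats an unterminated <script>: everything
# from the opening tag to the first </script> (or the end of the document)
# is script text, so it never appears as rendered content.
def visible_text(html)
  stripped = html.sub(%r{<script\b[^>]*>.*?(</script>|\z)}mi, '')
  CGI.unescapeHTML(stripped.gsub(/<[^>]+>/, ' ').squeeze(' ').strip)
end

# Do all member names reach the visible page (not just the HTML source)?
def members_visible?(html, members)
  text = visible_text(html)
  members.all? { |m| text.include?(m) }
end

if __FILE__ == $PROGRAM_NAME
  puts "unescaped: #{visible_text(render_unescaped(REVISION_TEXT, MEMBERS))}"
  puts "escaped:   #{visible_text(render_escaped(REVISION_TEXT, MEMBERS))}"
end
```

In the unescaped case the member names are still present in the HTML source but absent from the visible text, which matches the symptom described in the report.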