Changes between Version 1 and Version 2 of Ticket #1180


Timestamp: 06/08/11 14:43:43 (3 years ago)
Author: dread
Comment:

Both issues solved using a whitelist on anchor tags.

Second issue was a link with a Unicode expression of the quote, e.g. <a href=\u201dsomelink\u201d>somelink</a>
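A whitelist on anchor tags of the kind the comment describes, as an added example (not code from this ticket or the project): only a balanced anchor whose href is wrapped in matching ASCII quotes passes, and everything else that looks like markup is escaped. The function name `filter_anchors`, the allowed schemes and the sample strings are assumptions made for this illustration.

```python
import html
import re

# Whitelist: the only opening tag allowed through. The href must sit in
# matching ASCII quotes and use an allowed scheme (the scheme list is an
# assumption); no other attributes are accepted.
ANCHOR_OPEN = re.compile(
    r'<a\s+href=(["\'])((?:https?://|mailto:)[^"\'<>\s]+)\1\s*>', re.IGNORECASE)
ANCHOR_CLOSE = re.compile(r'</a\s*>', re.IGNORECASE)
ANY_TAG = re.compile(r'<[^<>]*>|[<>]')  # tag-like tokens and stray brackets

# Constructed samples mirroring the two cases in the ticket.
UNTERMINATED_QUOTE = '<a href="http://example.org>unterminated'
UNICODE_QUOTE = '<a href=\u201dsomelink\u201d>somelink</a>'


def filter_anchors(text):
    """Keep whitelisted, balanced anchors as markup; escape all other markup."""
    out, pos, open_anchors = [], 0, 0
    for m in ANY_TAG.finditer(text):
        out.append(html.escape(text[pos:m.start()], quote=False))
        token = m.group(0)
        opened = ANCHOR_OPEN.fullmatch(token)
        if opened:
            # Re-emit in one canonical form instead of echoing user markup.
            out.append('<a href="%s">' % html.escape(opened.group(2)))
            open_anchors += 1
        elif ANCHOR_CLOSE.fullmatch(token) and open_anchors:
            out.append('</a>')
            open_anchors -= 1
        else:
            # Badly formed or non-whitelisted tag: render it as inert text.
            out.append(html.escape(token, quote=False))
        pos = m.end()
    out.append(html.escape(text[pos:], quote=False))
    out.append('</a>' * open_anchors)  # close any anchor left open
    return ''.join(out)


if __name__ == '__main__':
    for sample in (UNTERMINATED_QUOTE, UNICODE_QUOTE):
        print(filter_anchors(sample))
```

Because the output is built only from the canonical anchor form and escaped text, a malformed tag can no longer reach the HTML renderer in a state that breaks it.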

  • Ticket #1180

    • Property Status changed from new to closed
    • Property Resolution changed from to fixed
    • Property Summary changed from "User 'about' field put in HTML unsafely" to "Links in markdown can be badly formed"
  • Ticket #1180 – Description

    v1 v2  
    1 User can insert bad things into their About field and when you view the user (web interface) then it causes a 500 error - something is not right here. Need to filter to just safe markdown, as we do for the package notes field. 
     1User can insert bad anchor tags into the User-About and Package-Notes fields and when you view them (web interface) it causes a 500 error. 
     2 
     3Need to improve filtering for anchors in markdown. 
     4 
    25{{{ 
    36<a href="http://xxxsex.com>nasty/website