Ticket #1180 (new defect) — at Initial Version
User 'about' field put in HTML unsafely
| Reported by: | dread | Owned by: | dread |
|---|---|---|---|
| Priority: | critical | Milestone: | ckan-v1.5-sprint-3 |
| Component: | ckan | Keywords: | |
| Cc: | | Repository: | ckan |
| Theme: | none | | |
Description
A user can insert bad things into their About field, and when you view the user (web interface) it causes a 500 error - something is not right here. Need to filter to just safe markdown, as we do for the package notes field.
<a href="http://xxxsex.com>nasty/website