#9807 (Unescaped strings in changelog messages for plugin)

Ticket #9807 (new defect)

Opened 3 years ago

Unescaped strings in changelog messages for plugin

Reported by: diafour
Assigned to: fabien
Priority: minor
Milestone:
Component: website
Version: 1.4.10
Keywords:
Cc:
Qualification: Unreviewed

Description

http://www.symfony-project.org/plugins/sfCaptchaGDPlugin

Go to the Changelog tab and look at the message for "Release 1.4.2 - 16/02/2010".

The changelog message includes the string "<input>". The message is sent to the browser without being escaped, and the browser renders a real input field.
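
An added illustration of the bug class reported above, not code from the symfony website (its templates are not shown in this ticket): a changelog message rendered raw next to the same message HTML-encoded before output. The function names, the array layout and the message wording are assumptions made for the example; only the release title and the "<input>" string come from the ticket.

```php
<?php
// Constructed sample data modelled on the ticket: a changelog message that
// mentions an HTML tag literally. The message wording is invented.
$changelog = array(
    array(
        'title'   => 'Release 1.4.2 - 16/02/2010',
        'message' => "Fixed rendering of the <input> tag\nUpdated README",
    ),
);

// Unescaped rendering (the behaviour the ticket reports): the message is
// concatenated into markup, so "<input>" becomes a real form control.
function render_entry_raw(array $entry)
{
    return '<h3>' . $entry['title'] . '</h3><p>' . nl2br($entry['message']) . '</p>';
}

// Encode a plugin-author-supplied string for an HTML text context.
// (Hypothetical helper name; htmlspecialchars() is the PHP built-in.)
function h($text)
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Escaped rendering: encode first, then add the <br /> tags, so the only
// markup in the output is markup the template itself produced.
function render_entry_escaped(array $entry)
{
    return '<h3>' . h($entry['title']) . '</h3><p>' . nl2br(h($entry['message'])) . '</p>';
}

foreach ($changelog as $entry) {
    echo render_entry_raw($entry), "\n";      // browser draws an input field
    echo render_entry_escaped($entry), "\n";  // browser shows the text <input>
}
```

The order in the escaped version matters: calling nl2br() before htmlspecialchars() would encode the generated line-break tags as well and display them as text.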