Bug #57

Feature #1: Properly balanced registration system

Description must not permit HTML

Added by Chris Cannam about 14 years ago. Updated about 14 years ago.

Status: Closed
Start date: 2010-12-14
Priority: Urgent
Due date:
Assignee: Chris Cannam
% Done: 100%
Category: -
Target version: -

Description

Currently the Description is received and stored as unfiltered HTML -- see for example http://test.soundsoftware.ac.uk/luisf/users/6 (user with Javascript injection in their description field). It needs to be something safer -- a standard Wiki-text format would do nicely.
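An added example, not code from this tracker or the project: one way to render a user description as a small wiki-text subset instead of raw HTML, next to the raw rendering the report describes. The function names, the Textile-like subset (`*bold*` and `"label":url`) and the sample text are assumptions constructed for the illustration.

```ruby
require "erb"

# Constructed sample description: wiki markup, a script tag, and two links,
# one of them using a non-http scheme.
SAMPLE_DESCRIPTION = %q{I work on *audio* analysis. <script>alert(1)</script> } +
                     %q{See "my page":http://example.org/me and "this":javascript:alert(1)}

# Before: the stored value is placed in the page unchanged, so any tag the
# user typed becomes part of the document.
def render_description_raw(text)
  "<div class=\"description\">#{text}</div>"
end

# Matched against already-escaped text. Branch 1: *bold*.
# Branch 2: "label":url, restricted to http/https; the URL may contain
# &amp; (an escaped ampersand) but stops at any other entity or whitespace.
WIKI_TOKEN = /\*([^*\n]+)\*|&quot;([^&\n]+)&quot;:(https?:\/\/(?:[^\s&]|&amp;)+)/

# After: escape every character of the input first, then re-introduce only
# the allow-listed markup. The substitution is a single pass, so generated
# tags are never re-scanned as input.
def render_description_wiki(text)
  escaped = ERB::Util.html_escape(text.to_s)
  html = escaped.gsub(WIKI_TOKEN) do
    if $1
      "<strong>#{$1}</strong>"
    else
      "<a href=\"#{$3}\" rel=\"nofollow\">#{$2}</a>"
    end
  end
  "<div class=\"description\">#{html}</div>"
end

if __FILE__ == $0
  puts render_description_raw(SAMPLE_DESCRIPTION)
  puts render_description_wiki(SAMPLE_DESCRIPTION)
end
```

Because escaping happens before any markup is produced, the only tags in the output are the ones the renderer itself emits, and the link branch never sees a raw quote or angle bracket that could close the `href` attribute.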

History

#1 Updated by Luis Figueira about 14 years ago

  • Status changed from New to Feedback
  • Assignee changed from Luis Figueira to Chris Cannam

"Testable" in my branch.

#2 Updated by Chris Cannam about 14 years ago

  • Status changed from Feedback to Resolved
  • Assignee changed from Chris Cannam to Luis Figueira
  • % Done changed from 0 to 100

Looks good. Thanks!

#3 Updated by Chris Cannam about 14 years ago

  • Status changed from Resolved to Closed

#4 Updated by Chris Cannam about 14 years ago

  • Assignee changed from Luis Figueira to Chris Cannam
