  1. CiviCRM
  2. CRM-12784

Content pulled in from http://alert.civicrm.org does not undergo any markup validation

    Details

    • Type: Improvement
    • Status: Won't Do
    • Priority: Trivial
    • Resolution: Won't Do
    • Affects Version/s: 4.3.4
    • Fix Version/s: Unscheduled
    • Component/s: None
    • Labels:
    • Versioning Impact:
      Patch (backwards-compatible bug fixes)
    • Documentation Required?:
      None
    • Funding Source:
      Needs Funding

      Description

      It seems to be a FIXME in the code. Given CRM-12783, it seems like we should be restricting markup to a small set of HTML tags. It seems, at the moment, that an attacker could insert JavaScript.

            People

            • Assignee:
              timotten Tim Otten
              Reporter:
              jamie Jamie McClelland
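The restriction the description suggests (a small set of HTML tags), sketched in PHP as an added example. This is not CiviCRM's code: the function names, the tag list and the sample string are assumptions made for illustration.

```php
<?php
// Added example: allowlist filter for remotely fetched markup.
// All names and the tag list are hypothetical, not taken from CiviCRM.
const ALLOWED_TAGS = ['p', 'br', 'b', 'strong', 'i', 'em', 'ul', 'ol', 'li', 'a'];
const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed'];

function render_node(DOMNode $node): string {
    if ($node instanceof DOMText) {
        // Text is always re-escaped, so it can never reopen a tag.
        return htmlspecialchars($node->nodeValue, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }
    if (!($node instanceof DOMElement)) {
        return ''; // comments, processing instructions
    }
    $tag = strtolower($node->nodeName);
    if (in_array($tag, DROP_WITH_CONTENT, true)) {
        return ''; // drop the element and everything inside it
    }
    $inner = '';
    foreach ($node->childNodes as $child) {
        $inner .= render_node($child);
    }
    if (!in_array($tag, ALLOWED_TAGS, true)) {
        return $inner; // unknown tag: keep its sanitized children only
    }
    // Every attribute is discarded; <a> gets its href back only for http(s).
    $attrs = '';
    if ($tag === 'a') {
        $href = trim($node->getAttribute('href'));
        if (preg_match('#^https?://#i', $href)) {
            $attrs = ' href="' . htmlspecialchars($href, ENT_QUOTES | ENT_HTML5, 'UTF-8')
                   . '" rel="noopener noreferrer"';
        }
    }
    return $tag === 'br' ? '<br>' : "<$tag$attrs>$inner</$tag>";
}

function sanitize_remote_markup(string $html): string {
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true); // tolerate malformed markup
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    $body = $doc->getElementsByTagName('body')->item(0);
    return $body ? render_node($body) : ''; // <body> itself is not allowlisted
}

// Constructed sample input, not real content from the alert feed.
$sample = '<p onclick="x()">Update <b>available</b> <a href="javascript:void(0)">here</a><script>track()</script></p>';
echo sanitize_remote_markup($sample), PHP_EOL;
```

The output is rebuilt from the parsed tree rather than edited in place, so only allowlisted tag names and escaped text can reach the page.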