Uploaded image for project: 'CiviCRM'
  1. CiviCRM
  2. CRM-5738

Implement output encoding via Smarty to minimize cross site scripting

          Details

          • Type: Bug
          • Status: Done/Fixed
          • Priority: Major
          • Resolution: Won't Fix
          • Affects Version/s: 3.1.1
          • Fix Version/s: 4.3.0
          • Component/s: Core CiviCRM
          • Labels:
            None

            Description

            We should encode all output to prevent various scripting attacks:

            http://acko.net/blog/safe-string-theory-for-the-web

            drupal uses this quite successfully and we can borrow code from it. Please document the exact files AND version if we do copy code from drupal

              Attachments

                Activity

                  People

                  • Assignee:
                    lobo Donald A. Lobo
                    Reporter:
                    lobo Donald A. Lobo
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    1 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved: