Bug #25961

HTML should be escaped in the pre output of DebugExceptionHandler

Added by Aske Ertmann over 10 years ago. Updated over 9 years ago.

Status:
Resolved
Priority:
Should have
Category:
Error
Start date:
2011-04-14
Due date:
% Done:

0%

Estimated time:
PHP Version:
Has patch:
No
Complexity:

Description

I noticed this today when doing some debugging. Seems the html outputted in the pre tags isn't escaped..

<pre>00173:    echo '<html><body><textarea>' . $response . '</textarea></body></html>';
00174:   } else {

</pre>

Files

DebugExceptionHandler.jpg (394 KB) DebugExceptionHandler.jpg Aske Ertmann, 2011-04-14 13:47
#2

Updated by Gerrit Code Review over 9 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/9624

#3

Updated by Gerrit Code Review over 9 years ago

Patch set 1 for branch FLOW3-1.0 has been pushed to the review server.
It is available at http://review.typo3.org/11752

#4

Updated by Karsten Dambekalns over 9 years ago

  • Category set to Error
  • Assignee set to Christian Müller
  • Target version set to 1.0.5
  • Has patch set to No
#5

Updated by Sebastian Kurfuerst over 9 years ago

  • Status changed from Under Review to Resolved

Also available in: Atom PDF