Project

General

Profile

Actions

Bug #35450

closed

Extensions may introduce Cross-Site Scripting

Added by Helmut Hummel over 12 years ago. Updated over 12 years ago.

Status:
Rejected
Priority:
Won't have this time
Assignee:
-
Category:
-
Target version:
-
Start date:
2012-04-01
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
6.0
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Problem:
Poorly programmed extensions may introduce Cross-Site Scripting to the site, which is bad.

Solution:
Properly HTML escape the output on a central place to avoid that.

Credits:
Thanks to Rupi for the great suggestions how to solve this.

Actions #1

Updated by Helmut Hummel over 12 years ago

  • Status changed from New to Accepted
Actions #2

Updated by Gerrit Code Review over 12 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/10111

Actions #3

Updated by Helmut Hummel over 12 years ago

  • Status changed from Under Review to Rejected
  • Priority changed from Should have to Won't have this time
Actions

Also available in: Atom PDF