[VCL-808] vcld allows user values that contain HTML which is not cleaned on web interface - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Won't Fix
Affects Version/s: 2.3.2
Fix Version/s: 2.5
Component/s: vcld (backend)
Labels:
None

Description

put in HTML/Javascript for a users first name, it makes it into the database and is displayed and executed on the web interface

Example: ./vcld -setup
Add user with a firstname of "<b>Bol</b>"
Lookup the user on the web interface

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Karl Vollmer

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 21/Jan/15 19:15

Updated:: 20/Mar/17 22:15

Resolved:: 20/Mar/17 22:15