[typo] XSS vulnerability?

Scott Laird scott at sigkill.org
Sat Nov 26 11:45:04 EST 2005


Argh!  It's supposed to be filtered.  What happens when you run  
'rake'?  There are several XSS-related tests; do any tests fail?


Scott

On Nov 26, 2005, at 8:28 AM, gpshewan wrote:

> Not being a javascript expert, how much of a concern is Ticket #551
> that nikanorov just submitted?
>
>> Why when I add a comment like ---comment---- <script> alert ("Typo
>> sucks"); </script> ---comment----
>>
>> it works? Are you kidding?
> And he's right ... it does.
>
> Gary
> _______________________________________________
> Typo-list mailing list
> Typo-list at rubyforge.org
> http://rubyforge.org/mailman/listinfo/typo-list


