allura-dev mailing list archives

From "Dave Brondsema" <>
Subject [allura:tickets] #7846 HTML input validation problem
Date Thu, 05 Mar 2015 19:35:37 GMT
- **summary**: Boards - input validation Problem! --> HTML input validation problem
- **Comment**:

We looked into this some time ago and it is hard to fix.  The issue is that Markdown allows
some safe HTML tags that can affect layout (table, list items, etc) and if you have incomplete
tags (e.g. `<li>` on its own, iirc) then that can affect the layout of the whole page.


**[tickets:#7846] HTML input validation problem**

**Status:** open
**Milestone:** unreleased
**Labels:** support ss-9878 
**Created:** Thu Mar 05, 2015 06:26 PM UTC by John Barrett
**Last Updated:** Thu Mar 05, 2015 06:32 PM UTC
**Owner:** nobody



tried to explain a possible XSS Vulnerability within OSS-PHP Projects in the Boards ... well
... my Code "broke" Board-Layout and also some Functionality ... not able to Edit those Entries
anymore ...
Maybe some more Input Sanitation would help? :)
Andreas Schnederle-Wagner


Chatted with Engineering about this and was asked to escalate


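The layout problem described in the comment above (an allowed tag such as `<li>` left open by the author) can be contained by re-balancing each fragment before it is rendered, so that no element stays open into the surrounding page. The sketch below is an added example, not Allura's code; the `ALLOWED` set and the names `FragmentBalancer` and `balance_fragment` are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist for illustration; not Allura's actual list.
ALLOWED = {"table", "tr", "td", "ul", "ol", "li", "b", "i", "p"}


class FragmentBalancer(HTMLParser):
    """Re-emit a user fragment so every allowed tag it opens is closed."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []      # pieces of the rewritten fragment
        self.stack = []    # allowed tags currently open
        self.issues = []   # repairs that were needed

    def handle_starttag(self, tag, attrs):
        if tag in ALLOWED:
            self.out.append(f"<{tag}>")  # attributes dropped in this sketch
            self.stack.append(tag)
        else:
            self.out.append(escape(self.get_starttag_text()))

    def handle_endtag(self, tag):
        if tag not in self.stack:
            if tag in ALLOWED:
                self.issues.append(f"stray </{tag}> dropped")
            return
        while True:  # close anything still open inside this element
            top = self.stack.pop()
            self.out.append(f"</{top}>")
            if top == tag:
                break
            self.issues.append(f"<{top}> closed implicitly")

    def handle_data(self, data):
        self.out.append(escape(data))


def balance_fragment(fragment):
    """Return (balanced_html, issues) for one user-supplied fragment."""
    parser = FragmentBalancer()
    parser.feed(fragment)
    parser.close()
    while parser.stack:  # tags the author never closed
        top = parser.stack.pop()
        parser.out.append(f"</{top}>")
        parser.issues.append(f"unclosed <{top}> closed at end")
    return "".join(parser.out), parser.issues
```

Python's `html.parser` does not implement the HTML5 tree-building rules, so a production version would apply the same stack logic on top of an HTML5 parser.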