allura-dev mailing list archives

From "Dave Brondsema" <d...@brondsema.net>
Subject [allura:tickets] #7846 HTML input validation problem
Date Thu, 05 Mar 2015 19:35:37 GMT
- **summary**: Boards - input validation Problem! --> HTML input validation problem
- **Comment**:

We looked into this some time ago and it is hard to fix.  The issue is that Markdown allows
some safe HTML tags that can affect layout (table, list items, etc) and if you have incomplete
tags (e.g. `<li>` on its own, iirc) then that can affect the layout of the whole page.



---

**[tickets:#7846] HTML input validation problem**

**Status:** open
**Milestone:** unreleased
**Labels:** support ss-9878 
**Created:** Thu Mar 05, 2015 06:26 PM UTC by John Barrett
**Last Updated:** Thu Mar 05, 2015 06:32 PM UTC
**Owner:** nobody

https://sourceforge.net/p/forge/site-support/9878/

[forge:site-support:#9878]

---

Hello,
tried to explain a possible XSS Vulnerability within OSS-PHP Projects in the Boards ... well
... my Code "broke" Board-Layout and also some Functionality ... not able to Edit those Entries
anymore ...
Maybe some more Input Sanitation would help? :)
URL: https://sourceforge.net/p/opensearchserve/discussion/947147/thread/dbbe183b/
Andreas Schnederle-Wagner

----

Chatted with Engineering about this and was asked to escalate

