XSS attack prevention taken out of Template.pm?

bill.winett at tektronix.com
Mon Feb 4 19:21:14 UTC 2008

Sorry if this has already been discussed or is already documented (I
couldn't find either), but I noticed that the following code was removed
in version 3.0.3:

            # Prevent XSS attacks in WYSIWYG fields.
            xss => sub{
                my ($var) = @_;
                $var =~ s/(<|&lt;)script/_script/ig;
                $var =~ s/(<|&lt;)\/script(>|&gt;)/script_/gi;
                return $var;
            },

Is this code no longer needed?
