XSS attack prevention taken out of Template.pm?
bill.winett at tektronix.com
Mon Feb 4 19:21:14 UTC 2008
Sorry if this has already been discussed or is already documented (I
couldn't find either), but I noticed that the following code was removed
in version 3.0.3:
    # Prevent XSS attacks in WYSIWYG fields.
    xss => sub{
        my ($var) = @_;
        $var =~ s/(<|&lt;)script/_script/ig;
        $var =~ s/(<|&lt;)\/script(>|&gt;)/script_/gi;
        return $var;
    },
Is this code no longer needed?
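
The following is an added example, not part of the original message and not Bugzilla code. It runs the quoted filter over a few constructed field values to show which ones it rewrites and which it returns unchanged, next to plain entity-encoding for comparison. The sub names xss_filter and html_escape and the sample strings are assumptions, and the second alternative in each group is taken to be the entity form (&lt; / &gt;).

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The filter quoted in the message, as a standalone sub (name is hypothetical).
# Assumption: the second alternative in each group is the entity form.
sub xss_filter {
    my ($var) = @_;
    $var =~ s/(<|&lt;)script/_script/ig;
    $var =~ s/(<|&lt;)\/script(>|&gt;)/script_/gi;
    return $var;
}

# Hypothetical comparison point: entity-encode every HTML metacharacter,
# so the browser renders the value as text instead of parsing it as markup.
sub html_escape {
    my ($var) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $var =~ s/([&<>"'])/$ent{$1}/g;
    return $var;
}

# Constructed sample field values, not taken from any real installation.
my @samples = (
    'plain text',
    '<script>alert(1)</script>',
    '<b onclick="alert(1)">bold</b>',
);

for my $in (@samples) {
    my $filtered = xss_filter($in);
    my $escaped  = html_escape($in);
    printf "input:       %s\n", $in;
    printf "xss filter:  %s%s\n", $filtered,
        ($filtered eq $in ? '   (unchanged)' : '');
    printf "html_escape: %s\n", $escaped;
    # A tag that survives filtering is still parsed as markup by the browser.
    printf "tag survives xss filter: %s\n\n",
        ($filtered =~ /<[a-z]/i ? 'yes' : 'no');
}
```

Entity-encoding suits fields rendered as text. A WYSIWYG field that must keep its formatting needs an allow-list HTML sanitizer instead, since encoding everything would also remove the intended markup.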