XSS attack prevention taken out of Template.pm?

Gregary Hendricks ghendricks at novell.com
Thu Feb 7 17:19:51 UTC 2008

On Wed, 2008-02-06 at 22:16 -0800, Max Kanat-Alexander wrote:
> On Mon, 4 Feb 2008 11:21:14 -0800 bill.winett at tektronix.com wrote:
> >             xss => sub{
>   That isn't even in Bugzilla *2.18* code. We don't use any such
> filter--we have specific filters for HTML, JS, etc.
> 	-Max

That is part of the patch for Testopia. If you have installed Testopia
it should still be there. If you upgraded your Bugzilla installation
from tarball it could be removed. Otherwise I don't know how it went
missing on you.


More information about the developers mailing list