XSS attack prevention taken out of Template.pm?
Gregary Hendricks
ghendricks at novell.com
Thu Feb 7 17:19:51 UTC 2008
On Wed, 2008-02-06 at 22:16 -0800, Max Kanat-Alexander wrote:
> On Mon, 4 Feb 2008 11:21:14 -0800 bill.winett at tektronix.com wrote:
> > xss => sub{
>
> That isn't even in Bugzilla *2.18* code. We don't use any such
> filter--we have specific filters for HTML, JS, etc.
>
> -Max
That is part of the patch for Testopia. If you have installed Testopia
it should still be there. If you upgraded your Bugzilla installation
from tarball it could be removed. Otherwise I don't know how it went
missing on you.
Greg
More information about the developers
mailing list