XSS attack prevention taken out of Template.pm?

bill.winett at tektronix.com bill.winett at tektronix.com
Thu Feb 7 21:47:28 UTC 2008

Thanks for the info.  I had installed Testopia and was reinstalling
Bugzilla to remote Testopia.


-----Original Message-----
From: developers-owner at bugzilla.org
[mailto:developers-owner at bugzilla.org] On Behalf Of Gregary Hendricks
Sent: Thursday, February 07, 2008 9:20 AM
To: developers at bugzilla.org; Gregary Hendricks
Subject: Re: XSS attack prevention taken out of Template.pm?

On Wed, 2008-02-06 at 22:16 -0800, Max Kanat-Alexander wrote:
> On Mon, 4 Feb 2008 11:21:14 -0800 bill.winett at tektronix.com wrote:
> >             xss => sub{
>   That isn't even in Bugzilla *2.18* code. We don't use any such
> filter--we have specific filters for HTML, JS, etc.
> 	-Max

That is part of the patch for Testopia. If you have installed Testopia
it should still be there. If you upgraded your Bugzilla installation
from tarball it could be removed. Otherwise I don't know how it went
missing on you.


To view or change your list settings, click here:

More information about the developers mailing list