openlp-core team mailing list archive

Thread
Date

[Bug 908197] [NEW] HTML tags not escaped in alert message

To: openlp-core@xxxxxxxxxxxxxxxxxxx
From: mahfiaz <mahfiaz@xxxxxxxxx>
Date: Fri, 23 Dec 2011 17:49:30 -0000
Reply-to: Bug 908197 <908197@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

This means that alert "<Nursery> Please pick up child 123" would lose <Nursery>.
Also script kiddies could show messages like <style>* {display: none}</style> and would feel good about themselves. Not necessary :)

** Affects: openlp
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of OpenLP
Core, which is subscribed to OpenLP.
https://bugs.launchpad.net/bugs/908197

Title:
  HTML tags not escaped in alert message

Status in OpenLP - Worship Presentation Software:
  New

Bug description:
  This means that alert "<Nursery> Please pick up child 123" would lose <Nursery>.
  Also script kiddies could show messages like <style>* {display: none}</style> and would feel good about themselves. Not necessary :)

To manage notifications about this bug go to:
https://bugs.launchpad.net/openlp/+bug/908197/+subscriptions

Follow ups

[Bug 908197] Re: HTML tags not escaped in alert message
From: Jonathan Corwin, 2012-01-06
[Bug 908197] Re: HTML tags not escaped in alert message
From: mahfiaz, 2012-01-02
[Bug 908197] Re: HTML tags not escaped in alert message
From: mahfiaz, 2011-12-23
[Bug 908197] Re: HTML tags not escaped in alert message
From: Launchpad Bug Tracker, 2011-12-23
[Bug 908197] Re: HTML tags not escaped in alert message
From: Andreas Preikschat, 2011-12-23
[Bug 908197] [NEW] HTML tags not escaped in alert message
From: mahfiaz, 2011-12-23

References

[Bug 908197] [NEW] HTML tags not escaped in alert message
From: mahfiaz, 2011-12-23