Bug#572417: tidary XSS

2010-03-07 Thread Steffen Joeris
Hi Hideki

Indeed this should be fixed via a DSA and for unstable as well. I am still having slight problems understanding the XSS issue here. Apparently, to_native() is converting it to another encoding, but shouldn't it do some escaping of certain characters to avoid having the usual html

Bug#572417: tidary XSS

2010-03-07 Thread Hideki Yamane
Hi Steffen,

On Sun, 7 Mar 2010 19:10:12 +1100 Steffen Joeris steffen.joe...@skolelinux.de wrote:
> Apparently, to_native() is converting it to another encoding, but shouldn't it do some escaping of certain characters to avoid having the usual html characters in there?

I'm not sure that,

Bug#572417: tidary XSS

2010-03-07 Thread Steffen Joeris
Hi Hideki

Thanks for the information. Have you been able to reproduce the problem with IE and checked the patch?

Cheers
Steffen

On Sun, 7 Mar 2010 19:10:12 +1100 Steffen Joeris steffen.joe...@skolelinux.de wrote:
> Apparently, to_native() is converting it to another encoding, but