To comment on the following update, log in, then open the issue:
http://www.openoffice.org/issues/show_bug.cgi?id=66032
User karthiksp changed the following:
What |Old value |New value
================================================================================
Assigned to|support |fs
--------------------------------------------------------------------------------
------- Additional comments from [EMAIL PROTECTED] Wed Jul 5 11:50:33 -0700
2006 -------
Hi Fs
Upon further investigation, this was fixed in release 4.0:
In earlier releases, CollabNet guarded Mailing List descriptions from
cross-site scripting vulnerabilities and so did not allow allow HTML script.
This did not allow the end-user to include scripts in their snippets. For
example, if you were to do the following:
Create a project (standard).
Add a HTML script tag to the description field in a mailing list.
On the UI, go to the new project's mailing list screen.
You will notice that the script that you added is rendered.
Solution: This has been fixed in the current release. A simple subset of HTML
will be rendered now, and potentially malicious HTML will cause all HTML to be
escaped.
----------------------------------
We can override the template until your site is upgraded to 4.x
The same fix doesn't apply to Documents and files descriptions since they appear
in a very limited location, HTML markup may be more risky.
Thanks,
Karthik
Support Operations
---------------------------------------------------------------------
Please do not reply to this automatically generated notification from
Issue Tracker. Please log onto the website and enter your comments.
http://qa.openoffice.org/issue_handling/project_issues.html#notification
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
