To comment on the following update, log in, then open the issue: http://www.openoffice.org/issues/show_bug.cgi?id=66032
User karthiksp changed the following: What |Old value |New value ================================================================================ Assigned to|support |fs -------------------------------------------------------------------------------- ------- Additional comments from [EMAIL PROTECTED] Wed Jul 5 11:50:33 -0700 2006 ------- Hi Fs Upon further investigation, this was fixed in release 4.0: In earlier releases, CollabNet guarded Mailing List descriptions from cross-site scripting vulnerabilities and so did not allow allow HTML script. This did not allow the end-user to include scripts in their snippets. For example, if you were to do the following: Create a project (standard). Add a HTML script tag to the description field in a mailing list. On the UI, go to the new project's mailing list screen. You will notice that the script that you added is rendered. Solution: This has been fixed in the current release. A simple subset of HTML will be rendered now, and potentially malicious HTML will cause all HTML to be escaped. ---------------------------------- We can override the template until your site is upgraded to 4.x The same fix doesn't apply to Documents and files descriptions since they appear in a very limited location, HTML markup may be more risky. Thanks, Karthik Support Operations --------------------------------------------------------------------- Please do not reply to this automatically generated notification from Issue Tracker. Please log onto the website and enter your comments. http://qa.openoffice.org/issue_handling/project_issues.html#notification --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]