Menu
▾
▴
Re: [Tiki-devel] <x> in url param of tracker plugin
|
From: Jonny B. <jo...@ti...> - 2011-08-25 10:39:20
|
Yes, i saw that once somewhere Sylvie - in the end i just had to use a non-html page. +1 for changing the parameter (maybe with a check for legacy 'url' parameters that still work ;) jb On 25 Aug 2011, at 02:22, Sylvie Greverend wrote: > I do not know why exactly (must be an html page at least+...) but when you use the param url in tracker plugin , it gets xss purify and become ur<x>l > (in tiki7 at least). > What is the best? > Do we change the param name? > Do we ...? I do not know in fact? I suppose if url is purified it is because it is dangerous > THx > sylvie > > ------------------------------------------------------------------------------ > EMC VNX: the world's simplest storage, starting under $10K > The only unified storage solution that offers unified management > Up to 160% more powerful than alternatives and 25% more efficient. > Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev_______________________________________________ > TikiWiki-devel mailing list > Tik...@li... > https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel |