href=&quot;javascript:...&quot; is a security proble

Status: Alpha

Brought to you by: glutnix

#2 href=&quot;javascript:...&quot; is a security proble

Milestone: v2.37

Status: open-accepted

Owner: Keilaron

Labels: Security (1)

Priority: 1

Updated: 2005-03-19

Created: 2003-03-06

Creator: Brett Taylor

Private: No

remove any a tags that have javascript: at the start of
the href.

Discussion

Brett Taylor - 2003-03-07

assigned_to: nobody --> glutnix

summary: href="javascript:..." is a security problem --> href="javascript:..." is a security problem
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Keilaron - 2005-03-19

summary: href="javascript:..." is a security problem --> href="javascript:..." is a security proble

labels: --> Security

assigned_to: glutnix --> nobody
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Keilaron - 2005-03-19

Logged In: YES
user_id=1049905

I think this got fixed even before 2.33 ... you're talking
about the URL textbox, right?

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Keilaron - 2005-03-19

priority: 5 --> 1

milestone: --> v2.37

assigned_to: nobody --> keilaron

status: open --> open-accepted
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Keilaron - 2005-03-19

Logged In: YES
user_id=1049905

This was fixed in 2.33, but the fix just changes the URL
rather than rejecting it or removing it. I think I'll change
that.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.