MantisBT: master-1.2.x 1740b99c

Author  dhx
Committer  dhx
Branch  master-1.2.x
Timestamp  2009-12-05 09:09
Parent  master-1.2.x ef0b66b4
Affected Issues  0011260: Attribute/XSS injection in permalink_page.php
Changeset

Fix 0011260: Attribute injection/XSS in permalink_page.php

HTML attribute injection via:
permalink_page.php?url=%22%20style=%22display:none%22

This is a possible XSS issue, although <script> tags don't have any
direct effect. It's still possible to use CSS to do naughty things.

mod - permalink_page.php
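
The pattern the commit message describes, shown as an added example; it is not MantisBT code or the committed fix, whose diff is not shown on this page. It assumes the `url` request value is echoed into a double-quoted HTML attribute. The helpers `render_permalink_unsafe`, `render_permalink_safe` and `extra_attributes` are hypothetical names.

```php
<?php
// Added illustration, not MantisBT code. All function names here are hypothetical.

// Vulnerable pattern: the request value lands inside a double-quoted
// attribute without encoding, so a '"' in the value closes the attribute.
function render_permalink_unsafe(string $url): string {
    return '<a href="' . $url . '">permalink</a>';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// ENT_QUOTES encodes both quote characters, so the value stays in href.
function render_permalink_safe(string $url): string {
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">permalink</a>';
}

// Parse the markup with an HTML parser and return every attribute name on
// the first <a> element other than href. A non-empty result means the value
// escaped its attribute and created new ones.
function extra_attributes(string $html): array {
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // the unsafe markup is malformed
    $doc->loadHTML($html);
    libxml_clear_errors();

    $names = [];
    $anchor = $doc->getElementsByTagName('a')->item(0);
    if ($anchor !== null) {
        foreach ($anchor->attributes as $attr) {
            $names[] = $attr->name;
        }
    }
    return array_values(array_diff($names, ['href']));
}

// Decoded form of the query string quoted in the commit message.
$url = urldecode('%22%20style=%22display:none%22');

foreach (['unsafe' => render_permalink_unsafe($url),
          'safe'   => render_permalink_safe($url)] as $label => $html) {
    $extra = extra_attributes($html);
    printf("%-6s %s\n       extra attributes: %s\n",
        $label, $html, $extra ? implode(', ', $extra) : '(none)');
}
```

The same parse-and-compare check can serve as a regression test for any template that writes request data into an attribute.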