Security #140
XSS issue in Html lib (and so Contact module)
| Status: | Closed | Start date: | 2009-04-25 | |
|---|---|---|---|---|
| Priority: | Medium | Due date: | ||
| Assignee: | Alex Cartwright | % Done: | 100% |
|
| Category: | - | |||
| Target version: | 2.3.0 | |||
| PHP Version: |
Description
Html::textarea() does not handle the value argument correctly and is open to XSS. As the contact module uses this, it is also open to XSS.
History
Updated by Alex Cartwright about 4 years ago
- Status changed from Confirmed to Closed
- % Done changed from 0 to 100
Fixed in r2372