[Taginfo-dev] Bugfix: Missing HTML escape
Jochen Topf
jochen at remote.org
Tue Jan 5 13:57:40 UTC 2016
Hi!
I just fixed a long-existing bug in taginfo where tag values were not HTML
escaped but used (more or less) verbatim in the HTML page. This could be used
to get any HTML elements into the page including JavaScript code. Because there
are no logins on taginfo and no private information that could leak or so, this
isn't that big a deal, but still I think everybody running taginfo instances
should probably upgrade.
Jochen
--
Jochen Topf jochen at remote.org http://www.jochentopf.com/ +49-351-31778688
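
The class of bug described in this message, shown as an added example that is not part of the original post and is not taginfo's own code: a tag value rendered verbatim into a table row, next to a version that encodes it for each output context. The function names, the `/tags/key=value` link layout and the sample tag values are assumptions constructed for illustration.

```ruby
require 'erb'

# Constructed sample data: OSM tag values are free-form text supplied by
# mappers, so a value may contain markup characters.
SAMPLE_TAGS = [
  ['name', 'Fish & Chips'],
  ['note', '<script>alert(1)</script>'],
  ['description', '"><b>bold</b>']
].freeze

# Hypothetical "before": the value is interpolated verbatim, so markup in the
# value becomes markup in the page.
def render_row_unescaped(key, value)
  "<tr><td>#{key}</td><td><a href=\"/tags/#{key}=#{value}\">#{value}</a></td></tr>"
end

# Hypothetical "after": each output context gets its own encoding.
# URL path component -> percent-encoding; attribute and text -> HTML entities.
def render_row_escaped(key, value)
  h = ERB::Util.method(:html_escape)
  href = "/tags/#{ERB::Util.url_encode(key)}=#{ERB::Util.url_encode(value)}"
  "<tr><td>#{h.call(key)}</td><td><a href=\"#{h.call(href)}\">#{h.call(value)}</a></td></tr>"
end

# Regression-check helper: true if the rendered row contains any element
# other than the ones the template itself emits.
ALLOWED_TAGS = %w[tr td a].freeze
def injected_markup?(html)
  html.scan(/<\/?([a-zA-Z][a-zA-Z0-9]*)/).flatten.any? do |tag|
    !ALLOWED_TAGS.include?(tag.downcase)
  end
end

if __FILE__ == $PROGRAM_NAME
  SAMPLE_TAGS.each do |key, value|
    before = injected_markup?(render_row_unescaped(key, value))
    after  = injected_markup?(render_row_escaped(key, value))
    puts "#{key}: injected before=#{before} after=#{after}"
    puts "  #{render_row_escaped(key, value)}"
  end
end
```

A check like `injected_markup?` can be run in a test suite over rendered output for a set of hostile sample values so that a template change that drops the escaping is caught before release.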