[Taginfo-dev] Bugfix: Missing HTML escape

Jochen Topf jochen at remote.org
Tue Jan 5 13:57:40 UTC 2016


Hi!

I just fixed a long-existing bug in taginfo where tag values were not HTML
escaped but used (more or less) verbatim in the HTML page. This could be used
to get any HTML elements into the page including JavaScript code. Because there
are no logins on taginfo and no private information that could leak or so, this
isn't that big a deal, but still I think everybody running taginfo instances
should probably upgrade.

Jochen
-- 
Jochen Topf  jochen at remote.org  http://www.jochentopf.com/  +49-351-31778688
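
The bug class described above, next to an escaped form, as an added example that is not part of the original post and not taginfo's own code. The function names, the /tags/key=value link layout and the sample values are assumptions made up for illustration.

```ruby
require 'erb'

# Constructed sample tag values (not from the original post): two harmless
# ones, one carrying an element, one trying to break out of an attribute.
SAMPLE_VALUES = [
  'residential',
  'Fish & Chips',
  '<script>alert(1)</script>',
  '" title="injected'
].freeze

# "Before": the value is used verbatim in the page, as the post describes.
def render_row_unescaped(key, value)
  "<tr><td><a href=\"/tags/#{key}=#{value}\">#{value}</a></td></tr>"
end

# "After": encode for each output context. URL-encode the parts of the
# (hypothetical) link path, then HTML-escape everything placed in the page.
def render_row_escaped(key, value)
  href = "/tags/#{ERB::Util.url_encode(key)}=#{ERB::Util.url_encode(value)}"
  "<tr><td><a href=\"#{ERB::Util.html_escape(href)}\">" \
    "#{ERB::Util.html_escape(value)}</a></td></tr>"
end

# Regression check: the row must contain only the template's own elements,
# and the link must carry nothing but its href attribute.
ROW_SHAPE = %r{\A<tr><td><a href="[^"<>]*">[^<>]*</a></td></tr>\z}

def row_well_formed?(html)
  ROW_SHAPE.match?(html)
end

if __FILE__ == $PROGRAM_NAME
  SAMPLE_VALUES.each do |v|
    puts "#{v.inspect}: unescaped ok=#{row_well_formed?(render_row_unescaped('name', v))} " \
         "escaped ok=#{row_well_formed?(render_row_escaped('name', v))}"
  end
end
```

A check like row_well_formed? can run in a test suite over stored values that contain markup characters, so a template that stops escaping is caught before release.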
