We're updating the issue view to help you get more done. 

Additional cross-site scripting bugs in login

Description

Additional cross-site scripting attacks possible in the login form.

Environment

None

Acceptance Test - Entry

None

Activity

Show:
LG
May 22, 2008, 2:45 AM

Hi,

I really wonder why it take so long to resolve this issue. Just ignoring the parsed parameters (everything behind the ?) would be fine to fix this issue.
Of course one would no longer be able to access URL's directly and to set the username but that's how other applications solve this issue.

LG

Daniel Henninger
May 22, 2008, 8:21 AM

Patience =) I aim to fix these and some other assorted issues for 3.5.2!

Daniel Henninger
July 17, 2008, 10:00 PM

Assignee

Daniel Henninger

Reporter

MattM

Labels

None

Expected Effort

None

Ignite Forum URL

None

Components

Fix versions

Affects versions

Priority

Blocker
Configure