
Key: KTS-2185
Type: Bug
Status: Closed
Resolution: Fixed
Priority: Priority One: Required
Assignee: Conrad Vermeulen
Reporter: Conrad Vermeulen
Votes: 0
Watchers: 0

KnowledgeTree Community Edition

Cross site scripting checks

Created: 10/Jul/07 11:02 AM   Updated: 17/Sep/07 10:50 AM
Component/s: None
Affects Version/s: STABLE 3.4.1
Fix Version/s: DEV 3.5

Original Estimate: Unknown Remaining Estimate: Unknown Time Spent: Unknown
Issue Links:
Related: this issue is related to KTS-2178, "cross site scripting" (Priority One: Required; Closed)
 

Fix impact: DEV 3.5
Issue Source Release: DEV.3.5.2007-08-21-092201


Description
Validate general entries against cross-site scripting attacks.

Comments
Fortunate Mashinini - [21/Aug/07 10:52 AM ]
I can't pass this issue because I can still add some JavaScript code for the following text_field instances:
1. Create a user/and group using <script type="text/javascript">window.alert("Hello World!")</script>
2. Search for user/group using <script type="text/javascript">window.alert("Hello World!")</script>
3. Creating unit truncates script to <script type=

Conrad Vermeulen - [24/Aug/07 12:09 PM ]
The attack from administration is less likely.

The main problem is catering for the user-only side of things.

The attack is more likely from a user wanting administrator privs...

Fortunate Mashinini - [17/Sep/07 10:50 AM ]
Issue clarified, can now be closed.