[#8552] It's possible to inject javascript on Kronolith
Summary It's possible to inject javascript on Kronolith
Queue Kronolith
Queue Version Git master
Type Bug
State Resolved
Priority 1. Low
Owners Jan Schneider <jan (at) horde (dot) org>
Requester goncalo (dot) queiros (at) portugalmail (dot) net
Created 09/04/09 (193 days ago)
Due
Updated 01/12/10 (63 days ago)
Assigned
Resolved 09/04/09 (193 days ago)
Attachments
Milestone
Patch No

History
01/12/10 CVS Commit Comment #2
Changes have been made in Git for this ticket:

Element.update() and Element.insert() don't escape content and eval 
scripts automatically. Escape any plain text being inserted (Bug #8552).

http://git.horde.org/diff.php/kronolith/js/kronolith.js?rt=horde-git&r1=fabc16d8ac224bbcf5fbe2f5ff4ac26af563d69c&r2=62b96aed490816b1f2a5c7334ab21bb324455df9
09/04/09 Jan Schneider State ⇒ Resolved
Assigned to Jan Schneider
 
09/04/09 goncalo (dot) queiros (at) portugalmail (dot) net Comment #1
State ⇒ Unconfirmed
Patch ⇒
Milestone ⇒
Queue ⇒ Kronolith
Summary ⇒ It's possible to inject javascript on Kronolith
Type ⇒ Bug
Priority ⇒ 1. Low
When a new event is created, it's possible to inject JavaScript (at least in the Title field).
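
The behaviour named in the commit comment for this ticket, as an added example (not code from Kronolith or Prototype): it models without a DOM which inline script bodies Element.update()/Element.insert() would evaluate for an unescaped versus an escaped event title. The function names, the simplified script pattern and the sample title are assumptions made for illustration.

```javascript
// Added example; not Horde/Kronolith code. Prototype's Element.update() and
// Element.insert() parse a string as HTML and evaluate inline <script> bodies.
// This models that step on plain strings so it runs under Node without a DOM.

// Simplified stand-in (assumption) for the pattern Prototype uses to find scripts.
const SCRIPT_FRAGMENT = /<script[^>]*>([\s\S]*?)<\/script\s*>/gi;

// Returns the script bodies that would be handed to eval for this markup.
function scriptsThatWouldRun(html) {
  return Array.from(html.matchAll(SCRIPT_FRAGMENT), (m) => m[1]);
}

// Plain-text escaping in the spirit of Prototype's String#escapeHTML, extended
// with quotes so the value is also inert inside an attribute.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHTML(text) {
  return String(text).replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Hypothetical renderers for an event title (illustrative names).
// Before the fix: user text is concatenated into markup as-is.
function renderTitleUnsafe(title) {
  return '<div class="event-title">' + title + '</div>';
}
// After the fix: user text is escaped before it reaches update()/insert().
function renderTitleSafe(title) {
  return '<div class="event-title">' + escapeHTML(title) + '</div>';
}

// Constructed sample input: an event title as typed into the Title field.
const sampleTitle = 'Team sync <script>alert(1)</script>';

// Summary a reviewer can use to compare both code paths for any title.
function compare(title) {
  return {
    unsafeScripts: scriptsThatWouldRun(renderTitleUnsafe(title)),
    safeScripts: scriptsThatWouldRun(renderTitleSafe(title)),
    safeMarkup: renderTitleSafe(title),
  };
}

console.log(compare(sampleTitle));
```

The same comparison can be used as a regression check for any other field whose value is passed to update() or insert().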