commonsense team mailing list archive

[Bug 593232] [NEW] Statement display mechanism allows execution of arbitrary javascript

 

*** This bug is a security vulnerability ***

Private security bug reported:

The interface for submitting/displaying statements to OMCS allows
arbitrary markup; any html you type will be rendered directly on the
page displaying your statement.  This may be a security issue.

** Affects: openmind-commons
     Importance: Undecided
         Status: New

-- 
Statement display mechanism allows execution of arbitrary javascript
https://bugs.launchpad.net/bugs/593232
You received this bug notification because you are a member of
Commonsense Computing, which is a direct subscriber.

Status in Open Mind Commons: New

Bug description:
The interface for submitting/displaying statements to OMCS allows arbitrary markup; any html you type will be rendered directly on the page displaying your statement.  This may be a security issue.
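
An added example, not taken from the bug report or from the OMCS code base: it renders a statement the way the report describes (inserted as-is) next to an HTML-escaped rendering, then re-parses each page to list the elements the statement introduced. The page template, function names and sample statement are constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed template; the real OMCS page layout is not shown in the report.
PAGE = '<div class="statement"><p>{body}</p></div>'

# Constructed sample statement containing markup typed by a user.
SAMPLE = 'A cat is <b>an animal</b><script>alert(1)</script>'


def render_unsafe(statement):
    """Reported behaviour: the user's text is placed in the page as-is."""
    return PAGE.format(body=statement)


def render_escaped(statement):
    """Encode the text for an HTML body context before inserting it."""
    return PAGE.format(body=html.escape(statement, quote=True))


class _Collector(HTMLParser):
    """Records each element and text run an HTML parser finds in the page."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_data(self, data):
        self.text.append(data)


def parse(page):
    """Return (start tags in document order, concatenated text content)."""
    collector = _Collector()
    collector.feed(page)
    collector.close()
    return collector.tags, "".join(collector.text)


def injected_tags(page):
    """Elements beyond the template's own leading <div> and <p>."""
    tags, _ = parse(page)
    return tags[2:]


if __name__ == "__main__":
    print("as-is:  ", injected_tags(render_unsafe(SAMPLE)))
    print("escaped:", injected_tags(render_escaped(SAMPLE)))
```

The same `injected_tags` check can serve as a regression test on the statement page: any non-empty result means user text reached the page unencoded.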




