commonsense team mailing list archive

[Bug 593232] Re: Statement display mechanism allows execution of arbitrary javascript

 

Yuck. Thanks for finding that.

Concepts are now HTML-escaped when formatted in a linked assertion.

-- 
Statement display mechanism allows execution of arbitrary javascript
https://bugs.launchpad.net/bugs/593232
You received this bug notification because you are a member of
Commonsense Computing, which is a direct subscriber.

Status in Open Mind Commons: New

Bug description:
The interface for submitting/displaying statements to OMCS allows arbitrary markup; any HTML you type will be rendered directly on the page displaying your statement. This may be a security issue.
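
The fix described in the reply above, sketched as an added example (this is not the OMCS code; the function names, the `/concept/` URL layout and the `{1}`/`{2}` frame slots are assumptions): concept text is escaped at the point where it is formatted into a link, and the output is parsed to confirm that no tag from the submitted text survives.

```python
import re
from html import escape
from html.parser import HTMLParser
from urllib.parse import quote

# Hypothetical names and URL layout; not taken from the OMCS code base.

def link_concept_unsafe(text):
    """'Before' behaviour: user-supplied concept text is emitted as raw markup."""
    return '<a href="/concept/%s">%s</a>' % (text, text)

def link_concept(text):
    """Escape the concept for both contexts it lands in."""
    # URL path segment: percent-encode, then HTML-escape the attribute value.
    href = escape("/concept/" + quote(text, safe=""), quote=True)
    # Element content: HTML-escape so markup renders as literal text.
    return '<a href="%s">%s</a>' % (href, escape(text, quote=True))

def format_assertion(frame, concept1, concept2, linker=link_concept):
    """Fill the {1} and {2} slots of a frame with linked concepts."""
    out = []
    for chunk in re.split(r"(\{1\}|\{2\})", frame):
        if chunk == "{1}":
            out.append(linker(concept1))
        elif chunk == "{2}":
            out.append(linker(concept2))
        else:
            out.append(escape(chunk))  # literal frame text is escaped too
    return "".join(out)

class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(markup):
    """Return the start tags an HTML parser sees in the rendered output."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags

if __name__ == "__main__":
    frame = "{1} is a kind of {2}"
    submitted = "<script>alert(1)</script>"  # constructed sample statement text
    for linker in (link_concept_unsafe, link_concept):
        rendered = format_assertion(frame, submitted, "dog", linker)
        print(linker.__name__, tags_in(rendered), rendered)
```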
