Opened 12 years ago

Closed 12 years ago

#7272 closed bug (worksforme)

Combobox demo: XSS vulnerability

Reported by: plentz Owned by:
Priority: minor Milestone: 1.9.0
Component: ui.autocomplete Version: 1.8.11
Keywords: Cc:
Blocked by: Blocking:

Description (last modified by Scott González)

The values of the select options should be treated as text, not html.

Change History (3)

comment:1 Changed 12 years ago by Scott González

Description: modified (diff)
Status: newopen
Summary: Autocomplete-combobox has a serious xss vulnerabilityCombobox demo: XSS vulnerability

comment:2 Changed 12 years ago by davidmurdoch

This looks fixed already.

comment:3 Changed 12 years ago by Scott González

Resolution: worksforme
Status: openclosed

This actually doesn't seem to have been a problem.

Note: See TracTickets for help on using tickets.