Opened 4 years ago

Closed 4 years ago

#8861 closed bug (fixed)

Tooltip: XSS vulnerability in default content

Reported by: scottgonzalez Owned by:
Priority: minor Milestone: 1.10.0
Component: ui.tooltip Version: 1.9.2
Keywords: Cc:
Blocked by: Blocking:

Description

See #8859

The underlying bug is in tooltip.

Change History (2)

comment:1 Changed 4 years ago by scottgonzalez

  • Status changed from new to open
  • Summary changed from Tooltip: XSS vulnerability in default conetnt to Tooltip: XSS vulnerability in default content

comment:2 Changed 4 years ago by Scott González

  • Resolution set to fixed
  • Status changed from open to closed

Tooltip: Escape the title attribute so that it's treated as text and not HTML. Fixes #8861 - Tooltip: XSS vulnerability in default content.

Changeset: f2854408cce7e4b7fc6bf8676761904af9c96bde

Note: See TracTickets for help on using tickets.