Opened 10 years ago
Closed 10 years ago
#8861 closed bug (fixed)
Tooltip: XSS vulnerability in default content
| Reported by: | Scott González | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | 1.10.0 |
| Component: | ui.tooltip | Version: | 1.9.2 |
| Keywords: | Cc: | ||
| Blocked by: | Blocking: |
Description
See #8859
The underlying bug is in tooltip.
Change History (2)
comment:1 Changed 10 years ago by
| Status: | new → open |
|---|---|
| Summary: | Tooltip: XSS vulnerability in default conetnt → Tooltip: XSS vulnerability in default content |
comment:2 Changed 10 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | open → closed |
Note: See
TracTickets for help on using
tickets.
Tooltip: Escape the title attribute so that it's treated as text and not HTML. Fixes #8861 - Tooltip: XSS vulnerability in default content.