Skip to main content

Search and Top Navigation

#8861 closed bug (fixed)

Opened November 27, 2012 04:21PM UTC

Closed November 27, 2012 04:22PM UTC

Tooltip: XSS vulnerability in default content

Reported by: scottgonzalez Owned by:
Priority: minor Milestone: 1.10.0
Component: ui.tooltip Version: 1.9.2
Keywords: Cc:
Blocked by: Blocking:
Description

See #8859

The underlying bug is in tooltip.

Attachments (0)
Change History (2)

Changed November 27, 2012 04:21PM UTC by scottgonzalez comment:1

status: newopen
summary: Tooltip: XSS vulnerability in default conetntTooltip: XSS vulnerability in default content

Changed November 27, 2012 04:22PM UTC by Scott González comment:2

resolution: → fixed
status: openclosed

Tooltip: Escape the title attribute so that it's treated as text and not HTML. Fixes #8861 - Tooltip: XSS vulnerability in default content.

Changeset: f2854408cce7e4b7fc6bf8676761904af9c96bde