[JC-157] It's possible to use such code <form action="http://yandex.ru"><input type="submit"></form> in user name/surname - JTalks JIRA

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 0.4, 0.5
Fix Version/s: 0.5
Labels:
None
Environment:

http://deploy.jtalks.org/jcommune

Description

It's possible to input in First name/Last name fields during the registration or after registration in users profile, code such : <form action="http://yandex.ru"><input type="submit"></form>

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

2011-07-28_2127.png
17 kB
31/Jul/11 4:50 PM

Structure Settings

Structure

(does not include JC-157)

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Kirill Afonin added a comment - 31/Jul/11 8:45 PM

html escaping not implemented yet. you can also use XSS, CSRF

Show

Kirill Afonin added a comment - 31/Jul/11 8:45 PM html escaping not implemented yet. you can also use XSS, CSRF

Hide

Permalink

Olga Danieloff added a comment - 15/Oct/11 11:00 PM

verified

Show

Olga Danieloff added a comment - 15/Oct/11 11:00 PM verified

People

Assignee:

Olga Danieloff

Reporter:

Erik Khalimov

Votes:

0 Vote for this issue

Watchers:

0 Start watching this issue

Dates

Created:

31/Jul/11 4:50 PM

Updated:

17/Aug/12 6:14 PM

Resolved:

29/Aug/11 9:09 PM

Structure Helper Panel