[fusion-trac] #496: There is no code injection prevention in redline name
Fusion
trac_fusion at osgeo.org
Thu Dec 1 00:43:17 EST 2011
#496: There is no code injection prevention in redline name
-----------------------+----------------------------------------------------
Reporter: liuar | Owner: liuar
Type: defect | Status: new
Priority: P2 | Milestone: Future
Component: Widgets | Version: 2.0
Severity: Major | Keywords:
External_id: | State: New
Browser: All | Os: All
-----------------------+----------------------------------------------------
Steps:
1. Create a redline layer, add it to map and then edit markup
2. Create a line
3. Use "</abc" as its name.
4. Click "Update text"

Expect:
"</abc" is used as label and the name in the redline list should also be it.

Actual:
"</abc" only shows as label in map. In redline list, it's empty.
--
Ticket URL: <http://trac.osgeo.org/fusion/ticket/496>
Fusion <http://trac.osgeo.org/fusion>
Fusion is a web-mapping application development framework for MapServer and MapGuide OS.
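
The prevention the ticket title refers to is encoding the redline name wherever it is written into HTML. The sketch below is an added example, not Fusion's code: the function names, the `<select>` list markup and the sample item are assumptions, and `visibleText` is a simplified stand-in for how a browser separates tags from text.

```javascript
// Added example; all names here are hypothetical, the item is constructed sample data.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const UNESCAPES = { amp: '&', lt: '<', gt: '>', quot: '"', '#39': "'" };

// Encode text for HTML element content or a quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Before: the name is concatenated straight into markup.
function renderListUnsafe(items) {
  return '<select>' + items.map((it) =>
    '<option value="' + it.id + '">' + it.name + '</option>').join('') + '</select>';
}

// After: every user-supplied value is encoded at the point of output.
function renderListSafe(items) {
  return '<select>' + items.map((it) =>
    '<option value="' + escapeHtml(it.id) + '">' + escapeHtml(it.name) + '</option>'
  ).join('') + '</select>';
}

// Simplified model of what a reader sees: anything from "<" plus a letter
// (or "</" plus a letter) up to the next ">" is a tag and is dropped; the
// remaining text has its entities decoded in a single pass.
function visibleText(html) {
  return html
    .replace(/<\/?[A-Za-z][^>]*>/g, '')
    .replace(/&(amp|lt|gt|quot|#39);/g, (m, name) => UNESCAPES[name]);
}

// The name from step 3 of the ticket.
const sample = [{ id: 1, name: '</abc' }];

// Unsafe: "</abc</option>" is consumed as one end tag, so the entry is empty.
console.log(JSON.stringify(visibleText(renderListUnsafe(sample))));
// Safe: the name survives as text.
console.log(JSON.stringify(visibleText(renderListSafe(sample))));
```
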