Message5056
I am a little lost here. It looks like the url is properly escaped.
This is the url I see when I add an issue -
http://localhost:8917/demo/issue1?
@ok_message=msg%201%20created%0Aissue%201%20created&@template=item
Is this xss? Are we saying that the ok_message should be plain text?
The URL remains same, irrespective of the template we use. |
|
| Date |
User |
Action |
Args |
| 2014-04-02 06:59:01 | pcaulagi | set | messageid: <1396421941.87.0.260738699453.issue2550814@psf.upfronthosting.co.za> |
| 2014-04-02 06:59:01 | pcaulagi | set | recipients:
+ pcaulagi, schlatterbeck, ber |
| 2014-04-02 06:59:01 | pcaulagi | link | issue2550814 messages |
| 2014-04-02 06:59:01 | pcaulagi | create | |
|