[tahoe-lafs-trac-stream] [tahoe-lafs] #1143: Double Encoding in HTML in File Names in WUI
tahoe-lafs
trac at tahoe-lafs.org
Thu Oct 25 01:34:05 UTC 2012
#1143: Double Encoding in HTML in File Names in WUI
-----------------------------------+---------------------------
Reporter: chrisp | Owner: davidsarah
Type: defect | Status: closed
Priority: major | Milestone: 1.10.0
Component: code-frontend-web | Version: 1.7.1
Resolution: fixed | Keywords: easy wui html
Launchpad Bug: |
-----------------------------------+---------------------------
Comment (by davidsarah):
Replying to [comment:6 zooko]:
> Since Nevow's {{{escapeToXML}}} method leaves single/double quotes
intact, could that be used to malicious craft input which would confuse
the HTML parser by having embedded quote characters?
No, because the input does not occur in an attribute or other quoted
context.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1143#comment:9>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list