Issue 17: thread title should be escaped
Status:  Fixed
Owner: ----
Closed:  Apr 2008
Reported by mcallist...@gmail.com, Apr 12, 2008
The thread's title is unescaped in forum_list.html; this could lead to an
XSS attack. I'm aware that recent Django versions use autoescape by
default, but I guess it won't hurt to make this change.
A similar vulnerability can be found in the breadcrumbs in thread.html
where the title is also shown.

Regards, Sean
 
Apr 14, 2008
Project Member #1 rwpoul...@gmail.com
Fixed in latest SVN. Thank you!
Status: Fixed