Issue 142: Lack of user input filtering resulting in XSS
Status:  Fixed
Owner: ----
Closed:  Sep 2009
Reported by kugutsu...@gmail.com, Sep 1, 2009

What steps will reproduce the problem?
1. Post a jaiku with some JavaScript, e.g. <script>alert()</script>
2. Click on the presence link, e.g.
http://www.jaiku.com/channel/ohgod/presence/8c79c91a0c5e4ad49a4ebcfd44dafe4f
3. JavaScript is executed.

What is the expected output? What do you see instead?

Presence messages should be filtered to prevent cross site scripting attacks.

What version of the product are you using? On what operating system?
Using jaikuengine trunk and tested on jaiku.com

Please provide any additional information below.


Sep 2, 2009
Project Member #1 jonasnoc...@gmail.com
Upgraded to Priority Critical.
Labels: -Priority-Medium Priority-Critical Security

Sep 2, 2009
Project Member #2 andyster
fixed in r99
Status: Fixed
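
The defect class described in this report, as an added example that is not jaikuengine code and does not reproduce the r99 change: a presence message rendered verbatim beside the same message HTML-escaped at output time, with a parser-based check that can serve as a regression test. The template markup and all function names are assumptions made for illustration; the only input taken from the page is the message text in step 1.

```python
import html
from html.parser import HTMLParser

# Hypothetical markup for a presence page; not jaikuengine's real template.
TEMPLATE = '<div class="presence"><p class="message">{message}</p></div>'
TEMPLATE_TAGS = ("div", "p")


def render_presence_unsafe(message):
    """'Before' form: the stored message is interpolated into HTML verbatim."""
    return TEMPLATE.format(message=message)


def render_presence_escaped(message):
    """'After' form: the message is HTML-escaped at output time."""
    return TEMPLATE.format(message=html.escape(message, quote=True))


class PageCollector(HTMLParser):
    """Records the elements and text an HTML parser sees in a rendered page."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.text = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_data(self, data):
        self.text.append(data)


def inspect_page(rendered):
    """Return (tags the template never emits, text shown to the reader)."""
    collector = PageCollector()
    collector.feed(rendered)
    collector.close()
    injected = [t for t in collector.tags if t not in TEMPLATE_TAGS]
    return injected, "".join(collector.text)


if __name__ == "__main__":
    reported = "<script>alert()</script>"  # message text from step 1 of the report
    for render in (render_presence_unsafe, render_presence_escaped):
        print(render.__name__, inspect_page(render(reported)))
```

An empty first element means the message produced no markup of its own; the second element confirms the reader still sees the text exactly as it was posted.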