#8255 Escape html on wiki & blog diff views

v1.10.0
closed
security (30)
General
Kenton Taylor
2018-10-30
2018-10-26
No

The code that generates diffs for the revision history viewing on blog posts & wiki pages, does not escape HTML.

Discussion

  • Dave Brondsema

    Dave Brondsema - 2018-10-26
    • status: in-progress --> closed
    • Reviewer: Kenton Taylor
     
  • Dave Brondsema

    Dave Brondsema - 2018-10-30
    • private: Yes --> No
     
  • Dave Brondsema

    Dave Brondsema - 2018-10-30
    • Milestone: unreleased --> v1.10.0
     

Log in to post a comment.