Details

    • Type: Task
    • Status: Closed
    • Priority: Major
    • Resolution: Out of Date
    • Affects Version/s: 1.0.0.CR1, 1.0.0
    • Fix Version/s: 1.future
    • Component/s: examples
    • Labels: None

      Description

      The todo app does not prevent XSS.

      Adding the following description to a task will demonstrate the issue:

      <h1 onmouseover='alert(new Date())'>"Come on!"</h1>
      <marquee><h2> dsssssd </h2></marquee>
      

      Thanks to the person who did this on https://todo-aerogear.rhcloud.com/ for providing this example.

              People

              • Assignee: Unassigned
              • Reporter: beve Daniel Bevenius

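
The fix for the behaviour reported in the description is to encode the task description at the point of output. The following is an added example, not code from the todo app or from the reporter: renderTaskUnsafe, renderTaskSafe, escapeHtml and tagNames are hypothetical names, and the markup they build is an assumed stand-in for however the app renders a task.

```javascript
// Added example: hypothetical rendering helpers, not the todo app's code.

// Characters that can open a tag, start an entity, or close a quoted attribute.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode untrusted text for an HTML element body or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the description is concatenated into markup as-is, so any tags
// and event-handler attributes it contains become part of the page.
function renderTaskUnsafe(task) {
  return '<li class="task"><span class="desc">' + task.description + "</span></li>";
}

// "After": the description is encoded where it is written out, both in the
// element body and in the quoted title attribute.
function renderTaskSafe(task) {
  const desc = escapeHtml(task.description);
  return '<li class="task" title="' + desc + '"><span class="desc">' + desc + "</span></li>";
}

// Names of the opening tags in a markup string (crude check used to compare
// the two renderings; not an HTML parser).
function tagNames(markup) {
  return (markup.match(/<[a-zA-Z][a-zA-Z0-9]*/g) || []).map((t) => t.slice(1).toLowerCase());
}

// The description from this issue, stored exactly as it was typed.
const task = {
  description:
    "<h1 onmouseover='alert(new Date())'>\"Come on!\"</h1>\n" +
    "<marquee><h2> dsssssd </h2></marquee>",
};

console.log(tagNames(renderTaskUnsafe(task))); // li, span, h1, marquee, h2
console.log(tagNames(renderTaskSafe(task))); // li, span
console.log(renderTaskSafe(task));
```

Encoding on output keeps the stored description unchanged, so the same value can be encoded differently for other contexts (JSON, URLs) when it is written there.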