View Issue Details

IDProjectCategoryView StatusLast Update
0019007phplist applicationMessage Send Processpublic29-12-17 06:17
Status newResolutionopen 
Product Version3.3.1 
Target VersionFixed in Version 
Summary0019007: Several values are not htmlescaped when composing a campaign
DescriptionA problem reported in the forums when composing a campaign and specifying the text part manually

part of a url in the text message was being treated as an html entity because the text was not being html escaped.

A quick look shows quite a few more message fields and translated texts that also are not escaped.

attachment description
several email addresses
several translations, i.e. s('...')
TagsNo tags attached.


There are no notes attached to this issue.