View Issue Details

IDProjectCategoryView StatusLast Update
0019007phpList 3 applicationCampaign Send Processpublic02-07-18 10:12
Reporterduncanc Assigned To 
Status resolvedResolutionfixed 
Product Version3.3.1 
Target Version3.3.4Fixed in Version3.3.3 
Summary0019007: Several values are not htmlescaped when composing a campaign
DescriptionA problem reported in the forums when composing a campaign and specifying the text part manually

part of a url in the text message was being treated as an html entity because the text was not being html escaped.

A quick look shows quite a few more message fields and translated texts that also are not escaped.

attachment description
several email addresses
several translations, i.e. s('...')
TagsNo tags attached.