View Issue Details

IDProjectCategoryView StatusLast Update
0019303phpList 3 applicationSecuritypublic19-07-19 15:47
Reporterxheni Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status resolvedResolutionfixed 
Product Version3.3.3 
Target Version3.3.5Fixed in Version3.3.5 
Summary0019303: escape text message content and attachment fields using htmlentities on message page
DescriptionI have used htmlentities to escape subject, fromfield, text content and attachment fields on ?page=message&id page for proper rendering and preventing malicious tags
https://github.com/phpList/phplist3/pull/351
TagsNo tags attached.

Activities

There are no notes attached to this issue.