View Issue Details

IDProjectCategoryView StatusLast Update
0019303phpList 3 applicationSecuritypublic01-10-18 10:38
Reporterxheni 
PrioritynormalSeverityminorReproducibilityhave not tried
Status resolvedResolutionfixed 
Product Version3.3.3 
Target Version3.3.5Fixed in Version3.4.0 
Summary0019303: escape text message content and attachment fields using htmlentities on message page
DescriptionI have used htmlentities to escape subject, fromfield, text content and attachment fields on ?page=message&id page for proper rendering and preventing malicious tags
https://github.com/phpList/phplist3/pull/351
TagsNo tags attached.

Activities

There are no notes attached to this issue.