[prev in list] [next in list] [prev in thread] [next in thread] 

List:       rt-devel
Subject:    Re: [Rt-devel] Any XSS issues?
From:       "Jerrad Pierce" <jpierce () cambridgeenergyalliance ! org>
Date:       2009-01-14 5:17:24
Message-ID: be7163f0901132117s4bde8238k76436c3d750aaf08 () mail ! gmail ! com
[Download RAW message or body]

> Well, we did find one gotcha though I can't strictly call it RT's
> fauly. Creating tickets through the web UI does successfully escape
> malicious output, but that doesn't apply to tickets created via
> RT::Client::REST. Is there a way I can get REST-generated tickets to
> go through the same escaping as UI-generated tickets?
This module's not supported by Best Practical, and closer to unsupported
right now. Dmitri et al. are handing out commit bits for google code (ick,
one of the reasons I've not yet made some fixes) if you're interested.
Otherwise, you could submit a patch on rt.cpan.org

-- 
Cambridge Energy Alliance: Save money. Save the planet.
_______________________________________________
List info: http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-devel
[prev in list] [next in list] [prev in thread] [next in thread]