Issue tracker moved to https://gitlab.archlinux.org/archlinux/aurweb/-/issues
FS#3315 - < is not escaped
Attached to Project:
AUR web interface
Opened by Mircea Bardac (IceRAM) - Sunday, 09 October 2005, 08:33 GMT
Opened by Mircea Bardac (IceRAM) - Sunday, 09 October 2005, 08:33 GMT
|
Details< is not escaped in the comments.
See: http://aur.archlinux.org/packages.php?do_Details=1&ID=1011&O=0&L=0&C=0&K=qemu&SB=n&SO=a&PP=25&do_MyPackages=0&do_Orphans=0 (my 4th comment) |
This task depends upon
Closed by Simo Leone (neotuli)
Thursday, 03 August 2006, 03:53 GMT
Reason for closing: Won't fix
Additional comments about closing: this is just the way php's strip_tags() works, and is only an issue if someone uses a less-than character (<) not followed by a space.
Unfortunately there's no way we can really separate <dangeroustag> from <justacomment, so I guess we have to live with it.
Thursday, 03 August 2006, 03:53 GMT
Reason for closing: Won't fix
Additional comments about closing: this is just the way php's strip_tags() works, and is only an issue if someone uses a less-than character (<) not followed by a space.
Unfortunately there's no way we can really separate <dangeroustag> from <justacomment, so I guess we have to live with it.
You might be more lucky looking directly in the AUR database.
I haven't posted a comment with "<" lately. If it's not reproductible when somebody tries this, then it's fixed.
< foo >
is okay
but:
<foo>
is not
also okay:
>foo
<
bar>