[pmwiki-users] Is ability to insert HTML a bug?
Patrick R. Michaud
pmichaud at pobox.com
Sun Apr 2 21:21:06 CDT 2006
On Mon, Apr 03, 2006 at 12:46:58AM +0000, ljb wrote:
> Two meta-questions, please: I came across a way a PmWiki-2.1.5 user can
> insert any bit of HTML into a wiki page and have it returned to the browser
> without escaping. Is this a bug? (I think it probably is.) Is this a serious,
> security-type bug? (I think it isn't, but PmWikiPhilosophy says it can be.)
> So should I give details and a patch here, on PITS, or some other way?
If you're worried about publicly disclosing a security hole, you can
send it to me directly (pmichaud at pobox.com) and I'll fix and publish
the details as appropriate.
Or, you can post it to the list or PITS, those are fine with me also.
Pm
More information about the pmwiki-users
mailing list