Opened 9 years ago

Closed 9 years ago

Last modified 6 years ago

#1183 closed bug (fixed)

If an email contain html code, it is not escaped but output in the message as is

Reported by: hkroger Owned by:
Priority: major Milestone: Legacy Resolved
Component: BW Mail Keywords:
Cc:

Description

BW Rox version: user agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b99) Gecko/20090605 Firefox/3.5b99 request uri: http://www.bewelcome.org/messages/15486/sent

If an email contain html code, it is not escaped but output in the message as is. So if I write <a href="blahblah">Blah</a> the recipient will see just a link and html code, which is wrong in my opinion.

Change History (4)

comment:1 Changed 9 years ago by crumbking

  • Summary changed from bug report to If an email contain html code, it is not escaped but output in the message as is

comment:2 Changed 9 years ago by fake51

  • follow_up changed from none to release
  • Resolution set to fixed
  • Status changed from new to closed

Messages are now filtered to make sure they don't contain bad html (XSS and the like) but html is allowed in messages. I don't think we'll go for plain text messages, so this is probably as fixed as it gets

comment:3 Changed 9 years ago by crumbking

  • follow_up changed from release to none

comment:4 Changed 6 years ago by TimLoal

  • Milestone changed from unassigned to Legacy Resolved
Note: See TracTickets for help on using tickets.