Chit-Chat

bug tracker broken

Permalink December 08, 2008 at 11:05 AM

A thread about the fact that iframe's get stripped broke the bug tracker since iframe's are not stripped there ;-)

Probably a security risk too? Might be possible to inject some code..

andrew replied on Dec 8, 2008 at 12:01 pm Permalink Reply

You're right, this is a forum issue, not a core c5 issue. We're sanitizing input and exchanging HTML with entities everywhere BUT in the name/title of the page...so including <iframe> in the title definitely causes issues.

Heh, that page should be fixed and we should update our forums with a fix very soon.