  • Darren Ferguson 1022 posts 3259 karma points MVP c-trib
    Mar 03, 2010 @ 11:51

    Output escaping


    Would be great if this package could escape any output.

    If there is HTML in any of the log entries it is returned as is.

    This could *in theory* lead to some sort of XSS attack.

  • Immo Wache 69 posts 224 karma points
    Jul 11, 2010 @ 18:41

    Hi Darren and thanks for the feature request.

    Version 4.5.0 now escapes output if there is HTML in any of the log entries to prevent potential vulnerability for cross-site scripting (XSS) attacks.

