#68 new
Heiko Webers

<code> comes through unfiltered

Reported by Heiko Webers | October 8th, 2008 @ 05:46 AM


RedCloth.new('<code onmouseover="bad_code_goes_here">hi</code>', [:filter_html]).to_html

renders


"<p><code onmouseover=\"bad_code_goes_here\">hi</code></p>"

This is a security problem.
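A regression check for the behaviour reported above, as an added example that is not part of the ticket or of RedCloth's own code. The helper name `event_handler_attributes` is hypothetical; it uses only Ruby's standard `strscan` and walks the tags in rendered HTML, reporting any inline event-handler (`on*`) attribute that survived filtering.

```ruby
require 'strscan'

# Rendered output quoted in the ticket.
TICKET_OUTPUT = '<p><code onmouseover="bad_code_goes_here">hi</code></p>'.freeze

# Returns [[tag, attribute], ...] for every on* attribute found inside an
# opening tag. Text between tags is ignored, and quoted attribute values
# are consumed whole so a ">" inside a value does not end the tag early.
def event_handler_attributes(html)
  findings = []
  s = StringScanner.new(html)
  # Jump to each "<" that starts an opening tag (closing tags are skipped).
  while s.skip_until(/<(?=[A-Za-z])/)
    tag = s.scan(/[A-Za-z][A-Za-z0-9]*/).downcase
    loop do
      s.skip(%r{[\s/]+})
      break if s.eos? || s.skip(/>/)
      name = s.scan(%r{[^\s=/>]+})
      break unless name # malformed tag: resume at the next "<"
      # Consume the value, if any: double-quoted, single-quoted or bare.
      s.scan(/"[^"]*"|'[^']*'|[^\s>]+/) if s.skip(/\s*=\s*/)
      findings << [tag, name.downcase] if name.downcase.start_with?('on')
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  # In a test suite, pass the renderer's output instead, e.g. the result of
  # RedCloth.new(src, [:filter_html]).to_html from the ticket.
  event_handler_attributes(TICKET_OUTPUT).each do |tag, attr|
    puts "unfiltered handler: <#{tag} #{attr}=...>"
  end
end
```

An empty result for every input in the suite is the pass condition; any returned pair names the tag and attribute that came through.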


RedCloth is a Ruby library for converting Textile into HTML
