Back to Discussions

Not escape '<' and '>' character

https://www.penflip.com/user_name/project_name/merge-requests/1 (<- not real URL, just example)

when merging requests, (pending changes->Submitted changes->changes from XXX)
'<' and '>' characters in text submitted is not escaped.
This characters are used by HTML tag.
So I'm afraid this will make a bug about XSS.

Started by ziriso Discussion started Jun 14, 2015