It's been over two months. What's the status of fixing this? XSS vulns can be just as bad as any other type of vuln.
It's targeted to the 0.6.1 milestone, so next week.
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED
Group: webtools-security → websites-security
Verified FIXED; I now get: "Log in Username: <a href="ja<x>vascript:al<x>ert(document.cookie)">Click Me</a> Password:"
Status: RESOLVED → VERIFIED
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.
These bugs are all resolved, so I'm removing the security flag from them.
You need to log in before you can comment on or make changes to this bug.