What steps will reproduce the problem?
1. <a href="http://demo.testfire.net">CLICK HERE</a>
2. Click on CLICK HERE
3.
What is the expected output? What do you see instead?
It should filter out HTML tags. In this context, it accepts the <a> tag and the href
attribute, which is used to specify a link address. So, by giving the above
input and clicking CLICK HERE, it goes to the malicious link specified in the href
attribute, hence leading to HTML injection/XSS attacks.
What version of the product are you using? On what operating system?
OS-Windows XP
Version-1.5.2
Please provide any additional information below.
Vulnerable to HTML injection attacks.
Original issue reported on code.google.com by varnam...@gmail.com on 11 Jan 2014 at 5:11
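
One way to get the behaviour the report expects, shown as an added example that is not the project's own code: drop every tag with the standard-library parser, then HTML-encode what remains before it is written into a page. The names `strip_tags` and `render_field` are hypothetical; the sample input is the string from step 1.

```python
import html
from html.parser import HTMLParser

# Constructed sample: the input string from step 1 of the report.
REPORTED_INPUT = '<a href="http://demo.testfire.net">CLICK HERE</a>'


class _TextOnly(HTMLParser):
    """Collects character data and drops every tag and attribute."""

    SKIP = {"script", "style"}  # their content is code, not display text

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts = []
        self._skip_depth = 0

    def handle_starttag(self, tag, attrs):
        if tag in self.SKIP:
            self._skip_depth += 1

    def handle_endtag(self, tag):
        if tag in self.SKIP and self._skip_depth:
            self._skip_depth -= 1

    def handle_data(self, data):
        if not self._skip_depth:
            self.parts.append(data)


def strip_tags(untrusted: str) -> str:
    """Filter out HTML tags, keeping only the visible text."""
    parser = _TextOnly()
    parser.feed(untrusted)
    parser.close()
    return "".join(parser.parts)


def render_field(untrusted: str) -> str:
    """Strip tags, then HTML-encode the remainder for output.

    The parser decodes entities such as &lt;, so the stripped text must be
    re-encoded or an entity-encoded tag would come back as live markup.
    """
    return html.escape(strip_tags(untrusted), quote=True)
```
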