Closed rmoch closed 5 years ago
Fullname and email a freely entered by user and are not verified for special characters by form in dogwood. This could lead to XSS exploit when rendered in mako templates which do not escape strings as default.
Fullname and email a freely entered by user and are not verified for special characters by form in dogwood. This could lead to XSS exploit when rendered in mako templates which do not escape strings as default.