Lack of user input filtering resulting in XSS

[GoogleCodeExporter]

What steps will reproduce the problem?
1. post a jaiku with some javascript e.g. <script>alert()</script>
2. click on the presence link e.g. 
http://www.jaiku.com/channel/ohgod/presence/8c79c91a0c5e4ad49a4ebcfd44dafe4f
3. javascript is executed.

What is the expected output? What do you see instead?

Presence messages should be filtered to prevent cross site scripting attacks.

What version of the product are you using? On what operating system?
Using jaikuengine trunk and tested on jaiku.com

Please provide any additional information below.

Original issue reported on code.google.com by kugutsu...@gmail.com on 1 Sep 2009 at 6:22

[GoogleCodeExporter]

Upgraded to Priority Critical.

Original comment by jonasnoc...@gmail.com on 2 Sep 2009 at 10:15

• Added labels: Priority-Critical, Security
• Removed labels: Priority-Medium

[GoogleCodeExporter]

fixed in r99

Original comment by andyster on 2 Sep 2009 at 10:50

• Changed state: Fixed