[Bug 12469] Dynamic Cross-Site Scripting and Page Repainting from bugzilla@jessica.w3.org on 2011-04-11 (public-html-bugzilla@w3.org from April 2011)

From: <bugzilla@jessica.w3.org>
Date: Mon, 11 Apr 2011 12:26:37 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1Q9GCT-0000li-Ns@jessica.w3.org>

http://www.w3.org/Bugs/Public/show_bug.cgi?id=12469

--- Comment #1 from Simon <simon.young90@live.com> 2011-04-11 12:26:37 UTC ---
The <plaintext> function would be better implimented using CSS styles applied
to a contatiner, to avoid XSS attacks from starting with
"</plaintext><script>.."

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

Received on Monday, 11 April 2011 12:26:39 UTC