Dangerous! XSS vulnerability

till klimpong at gmail.com
Fri Feb 16 15:13:38 CET 2007


On 2/16/07, Robin Elfrink <elfrink at introweb.nl> wrote:
> Michael Bueker wrote:
>
> > http://trac.roundcube.net/trac.cgi/ticket/1484254
> >
> > This should get immediate attention.
>
> Proposed fix added to the ticket.
>
> The only thing I'm not sure about is charset conversions. I have no
> experience with those. Are special charset thingies used in mailbox names?

Maybe? We *should* probably test and see what happens when.

I also added a comment to the ticket.

Cheers,
-- 
Till Klampaeckel
e: mailto:klimpong at gmail.com
p: +491704018676
l: http://beta.plazes.com/whereis/till

Want to know what's up in Berlin?
- http://berlin.metblogs.com



