#79: Strip out HTML in all user input (apart from node content)
------------------------+---------------------------------------------------
 Reporter:  dom         |        Owner:  Nobody
     Type:  defect      |       Status:  new
 Priority:  high        |    Milestone:
Component:  openguides  |      Version:  svn
 Severity:  normal      |   Resolution:
 Keywords:              |
------------------------+---------------------------------------------------
Comment (by Kake):

Decision: Run all user input through CGI::escapeHTML in the commit_node method of OpenGuides.pm after we call OpenGuides::Template to extract the variables from the CGI object. Also, move Dom's temporary escaping here from OpenGuides::Template (changeset [[775]]).
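
The escaping step decided on above, sketched as a stand-alone Perl helper. This is an added example, not code from OpenGuides or from the ticket: `escape_user_input`, `_escape` and the sample field names are hypothetical, and the hash stands in for the variables extracted from the CGI object.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI ();

# Empty query object, used only for its escapeHTML method.
my $cgi = CGI->new('');

# Hypothetical helper (not OpenGuides code): HTML-escape every user-supplied
# value except the fields named in %$skip, here the node content that the
# ticket title excludes.
sub escape_user_input {
    my ( $vars, $skip ) = @_;
    my %clean;
    for my $key ( keys %$vars ) {
        my $value = $vars->{$key};
        if ( $skip->{$key} ) {
            $clean{$key} = $value;    # left exactly as submitted
        }
        elsif ( ref $value eq 'ARRAY' ) {
            # Multi-valued field: escape each element separately.
            $clean{$key} = [ map { _escape($_) } @$value ];
        }
        elsif ( ref $value ) {
            die "Unexpected reference in field '$key'\n";
        }
        else {
            $clean{$key} = _escape($value);
        }
    }
    return \%clean;
}

# Escape one scalar; undefined (absent) fields stay undefined.
sub _escape {
    my ($value) = @_;
    return defined $value ? $cgi->escapeHTML($value) : undef;
}

# Constructed sample input; the field names are illustrative only.
my %submitted = (
    content    => 'Body text, handled by the node formatter',
    summary    => q{A pub <script>alert(1)</script>},
    website    => q{http://example.com/"onmouseover="x},
    categories => [ 'Pubs', '<i>Real Ale</i>' ],
    phone      => undef,
);
my $clean = escape_user_input( \%submitted, { content => 1 } );
print "$_: ", join( ', ', map { $_ // '(undef)' }
    ref $clean->{$_} ? @{ $clean->{$_} } : $clean->{$_} ), "\n"
    for sort keys %$clean;
```

Escaping in one place matters because running the same value through `escapeHTML` twice turns `&lt;` into `&amp;lt;`, which then renders as literal entity text.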