Opened 18 years ago
Closed 17 years ago
#4631 closed (invalid)
XSS in admin panel Filter block
Reported by: | Owned by: | Adrian Holovaty | |
---|---|---|---|
Component: | contrib.admin | Version: | 0.96 |
Severity: | Keywords: | ||
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
search by date (list_filter) option for models in the admin panel (Filter right side block) has a bug that allows XSS through search (search_fields).
Search for:
sss"><textarea>
and the links for date filtering will be broken with a textarea
Note:
See TracTickets
for help on using tickets.
Hmm.. I'm unable to repeat this - I'm hoping it's been fixed in the meantime. Can you check if this is still a problem?