id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
5882	Cross-site scripting not mentioned in the tutorial	roland.illig@…	nobody	"Am I right that you don't mention the problem of cross-site scripting in the tutorial? Let's say I would add a poll like this:

question: What does <script>alert(""foo"");</script> do?

Would the application output a properly quoted question or would I get a JavaScript message box?
"		closed	Documentation	dev		invalid	xss cross-site-scripting		Unreviewed	0	0	0	0	0	0