Forum OpenACS Development: Re: XSS vulnerability in XoWiki and a lot of other OpenACS pages

Collapse
8: Re: XSS vulnerability in XoWiki and a lot of other OpenACS pages (response to 7)
Posted by Torben Brosten on 02/10/11 04:47 PM
..for example:
string match -nocase {[a-z0-9_\.]*} $actual_name
Collapse
10: Re: XSS vulnerability in XoWiki and a lot of other OpenACS pages (response to 8)
Posted by Dave Bauer on 02/10/11 04:54 PM
How exactly does this affect the HTML content passed in the URL variables?

Is this a different problem you are addresses regarding varaible names? I thought they were confirmed against the ad_page_contract.