[buddypress-trac] [BuddyPress] #1114: able to embed javascript into the Status field

buddypress-trac at lists.automattic.com
Tue Sep 29 11:57:26 UTC 2009

#1114: able to embed javascript into the Status field
Reporter:  DJPaul               |       Owner:     
    Type:  defect               |      Status:  new
Priority:  critical             |   Milestone:  1.1
Keywords:  javascript security  |  
 You're able to put HTML in the status field on your profile.  I'm not sure
 if that's a good decision or not - but that's another matter.

 If you put this string into your profile, you can trigger javascript
 commands on your profile page (it doesn't work when clicking your status
 in the Site Wide Activity).

 P.S. Trac may screw this up, so I'll repost if needed.

 <a href="bt.com" onclick="javascript:alert('bubble')">testing 3</a>

Ticket URL: <http://trac.buddypress.org/ticket/1114>
BuddyPress <http://buddypress.org/>
