
This queue is for tickets about the Template-Alloy CPAN distribution.

Report information
The Basics
Id: 119825
Status: new
Priority: 0/
Queue: Template-Alloy

People
Owner: Nobody in particular
Requestors: haarg [...] haarg.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: filters will not apply to objects
Trying to apply a filter to an object will silently ignore the filter. For example, a URI object overloads "" and can usefully appear in a template. Trying to apply an html filter to it will ignore the filter, which may result in XSS flaws. This also applies to AUTO_FILTER.
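
A way to check for the behaviour reported above and to work around it on the caller's side, as an added example that is not part of the original ticket or of Template-Alloy: every object that overloads `""` is replaced by its plain string before the variables reach the template, so the `html` filter sees an ordinary scalar. `My::Label`, `stringify_objects` and `render` are hypothetical names, the input value is constructed, and the workaround assumes templates only print these values and never call methods on them.

```perl
use strict;
use warnings;
use overload ();
use Scalar::Util qw(blessed);
use Template::Alloy;

# Hypothetical stand-in for an object such as URI that overloads "".
package My::Label {
    use overload '""' => sub { $_[0]{text} }, fallback => 1;
    sub new { my ($class, $text) = @_; return bless { text => $text }, $class }
}

# Return a copy of the template variables in which every object that
# overloads "" is replaced by its string form. Unblessed hashes and arrays
# are walked recursively; objects without "" overloading are left alone.
sub stringify_objects {
    my ($v) = @_;
    if (blessed $v) {
        return overload::Method($v, '""') ? "$v" : $v;
    }
    my $type = ref $v;
    return { map { $_ => stringify_objects($v->{$_}) } keys %$v } if $type eq 'HASH';
    return [ map { stringify_objects($_) } @$v ] if $type eq 'ARRAY';
    return $v;
}

# Render a one-line template that applies the html filter explicitly.
sub render {
    my ($vars) = @_;
    my $out = '';
    my $t   = Template::Alloy->new;
    $t->process(\'<p>[% label | html %]</p>', $vars, \$out) or die $t->error;
    return $out;
}

# Constructed sample input containing HTML metacharacters.
my $vars = { label => My::Label->new('<b>constructed sample</b>') };

my $direct      = render($vars);                     # object handed to the template
my $stringified = render(stringify_objects($vars));  # plain scalar handed to the template

print "object passed directly: $direct\n";
print "stringified first:      $stringified\n";
print "WARNING: html filter was not applied to the object\n" if $direct =~ /<b>/;
die "stringified value was not escaped\n" unless $stringified =~ /&lt;b&gt;/;
```

The same comparison can be repeated with `AUTO_FILTER => 'html'` passed to `Template::Alloy->new` and the explicit `| html` removed from the template.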

