Skip Menu |

This queue is for tickets about the XML-RSS CPAN distribution.

Report information
The Basics
Id: 23435
Status: resolved
Priority: 0/
Queue: XML-RSS

Owner: Nobody in particular
Requestors: SHLOMIF [...]

Bug Information
Severity: Important
Broken in: 1.20
Fixed in: (no value)


Subject: Rest of the Date Conversion Patch + Fix for a Markup Injection Vulnerability
Download (untitled) / with headers
text/plain 379b
This patch applies the rest of the date conversion modifications to the code. Plus, it fixes some Markup injection (or XSS) vulnerabilities that were left in the old code (along with adding tests). The problem was that the _tag_if_valid function did not use _encode to encode its text. Should we report this vulnerability to a security forum? Regards, Shlomi Fish
Subject: XML-RSS-date-conversion-2nd-patch-rev1.patch

Message body is not shown because it is too large.

From: ABH [...]
Applied, thanks (r8314)

This service is sponsored and maintained by Best Practical Solutions and runs on infrastructure.

Please report any issues with to