|Subject:||Rest of the Date Conversion Patch + Fix for a Markup Injection Vulnerability|
This patch applies the rest of the date conversion modifications to the code. Plus, it fixes some Markup injection (or XSS) vulnerabilities that were left in the old code (along with adding tests). The problem was that the _tag_if_valid function did not use _encode to encode its text. Should we report this vulnerability to a security forum? Regards, Shlomi Fish
Message body is not shown because it is too large.