[buddypress-trac] [BuddyPress] #1114: able to embed javascript into the Status field
buddypress-trac at lists.automattic.com
buddypress-trac at lists.automattic.com
Tue Sep 29 11:57:26 UTC 2009
#1114: able to embed javascript into the Status field
--------------------------------+-------------------------------------------
Reporter: DJPaul | Owner:
Type: defect | Status: new
Priority: critical | Milestone: 1.1
Keywords: javascript security |
--------------------------------+-------------------------------------------
Hi
You're able to put html in the status field on your profile. I'm not sure
if that's good decision or not - but that's another matter.
If you put this string into your profile, you can trigger javascript
commands on your profile page (it doesn't work when clicking your status
in the Site Wide Activity).
p.s. Trac may screw up this so i'll repost if needed.
<a href="bt.com" onclick="javascript:alert('bubble')">testing 3</a>
--
Ticket URL: <http://trac.buddypress.org/ticket/1114>
BuddyPress <http://buddypress.org/>
BuddyPress
More information about the buddypress-trac
mailing list