Closed (fixed)
Project: Documentation
Component: Correction/Clarification
Priority: Critical
Category: Bug report
Assigned: Unassigned
Reporter:
Created: 28 Mar 2007 at 19:50 UTC
Updated: 14 Jan 2010 at 06:20 UTC
Comments
Comment #1
Anonymous (not verified) commented
Comment #2
dawehner
Drupal 5 does nearly the same.
These items get there by hook_user $op = 'view'
-> the modules should provide the safety stuff,
for example the profile module:
http://api.drupal.org/api/function/profile_view_field/6
So there should be no XSS problem, or not?
Comment #3
arianek commented
this has since been fixed (according to smrt people in #drupal)
see: http://drupal.org/node/35730/revisions/view/346769/680458
"the check_plain() part fixes it"