XML RPC > html in response > htmlspecialchars + javascript stripping

XML RPC > html in response > htmlspecialchars + javascript stripping

El Forum
Guest

05-27-2008, 08:03 AM

[eluser]HdotNET[/eluser]
Wondering whether to post this as bug a or not.

The user guide implies that the XSS filter is not used by default, and must be turned on via the config file.

Yet the XML-RPC class is xss cleaning the data regardless of any setting in the config.

Anyone care to comment?

Messages In This Thread

XML RPC > html in response > htmlspecialchars + javascript stripping - by El Forum - 05-25-2008, 05:58 AM

XML RPC > html in response > htmlspecialchars + javascript stripping - by El Forum - 05-25-2008, 03:00 PM

XML RPC > html in response > htmlspecialchars + javascript stripping - by El Forum - 05-26-2008, 02:19 AM

XML RPC > html in response > htmlspecialchars + javascript stripping - by El Forum - 05-27-2008, 08:03 AM

XML RPC > html in response > htmlspecialchars + javascript stripping - by El Forum - 06-22-2009, 07:35 AM

XML RPC > html in response > htmlspecialchars + javascript stripping - by El Forum - 06-22-2009, 09:06 AM

XML RPC > html in response > htmlspecialchars + javascript stripping - by El Forum - 06-22-2009, 09:53 AM

XML RPC > html in response > htmlspecialchars + javascript stripping - by El Forum - 06-22-2009, 09:56 AM

XML RPC > html in response > htmlspecialchars + javascript stripping - by El Forum - 06-29-2009, 01:28 PM

XML RPC > html in response > htmlspecialchars + javascript stripping - by El Forum - 06-29-2009, 02:45 PM

XML RPC > html in response > htmlspecialchars + javascript stripping - by El Forum - 06-29-2009, 06:24 PM