bug tracker broken

Permalink
A thread about the fact that iframe's get stripped broke the bug tracker since iframe's are not stripped there ;-)

Probably a security risk too? Might be possible to inject some code..

Remo
 
andrew replied on at Permalink Reply
andrew
You're right, this is a forum issue, not a core c5 issue. We're sanitizing input and exchanging HTML with entities everywhere BUT in the name/title of the page...so including <iframe> in the title definitely causes issues.

Heh, that page should be fixed and we should update our forums with a fix very soon.