URL fields should be restricted to URLs

Bug #522460 reported by William Grant
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
IVLE
Fix Released
High
William Grant

Bug Description

We have a few URL fields in the database. Ensure that they are restricted to valid, non-malicious (eg. protocol is not javascript:) strings at both the DB and form validation layers.

 - offering.url
 - project.url

Related branches

Revision history for this message
William Grant (wgrant) wrote :

Neither has been set in production. Both are enforced at the form layer. It's a bit difficult to enforce at the DB layer, so we won't do that for now.

Changed in ivle:
status: Triaged → In Progress
Revision history for this message
William Grant (wgrant) wrote :

Fixed in trunk r1675.

Changed in ivle:
status: In Progress → Fix Committed
William Grant (wgrant)
Changed in ivle:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.