[SOLVED] Bug - Security issue <script>alert("hello world");</script>


After doing a research for "CHtmlPurifier" in the forum I had a javascript alert "1".

It seems that the title of one of the posts listed as search results contains some javascript.

So I am now trying to reproducing it in this post, so that developers can fix it later.

This is the page I am talking about : http://www.yiiframework.com/search/?q=CHtmlPurifier&lang=&type=

(you might have to re-click the search button)

It’s the one pointing to this thread: Active Record and [script]alert(1)[/script] problem

Thanks, will check it.


Fixed. Will be deployed soon.

is that one solved now ?

Yes, should be so. If not, let me know.