Skip to:
Content

Opened 2 years ago

Closed 2 years ago

#2986 closed defect (fixed)

Moderation and blacklist word checks can be bypassed by wrapping keys with HTML

Reported by: netweb Owned by: netweb
Milestone: 2.6 Priority: normal
Severity: normal Version:
Component: API - Moderation Keywords: has-patch
Cc:

Description

Moderation moderation_keys and blacklist blacklist_keys word checks can by bypassed by wrapping parts of the word in HTML, e.g bannedword can be bypassed using <em>banned</em>word

Change History (1)

#1 @netweb
2 years ago

  • Owner set to netweb
  • Resolution set to fixed
  • Status changed from new to closed

In 6085:

Moderation: Include topic and reply post content with and without HTML in moderation_keys and blacklist_keys checks.

This changeset ensures users cannot bypass the moderation word checks by wrapping parts of the word or term in HTML, e.g. bannedword could previously be bypassed using <em>banned</em>word

Fixes #2986.

Note: See TracTickets for help on using tickets.