Skip to:

Opened 8 years ago

Closed 8 years ago

#2986 closed defect (bug) (fixed)

Moderation and blacklist word checks can be bypassed by wrapping keys with HTML

Reported by: netweb's profile netweb Owned by: netweb's profile netweb
Milestone: 2.6 Priority: normal
Severity: normal Version:
Component: API - Moderation Keywords: has-patch


Moderation moderation_keys and blacklist blacklist_keys word checks can by bypassed by wrapping parts of the word in HTML, e.g bannedword can be bypassed using <em>banned</em>word

Change History (1)

#1 @netweb
8 years ago

  • Owner set to netweb
  • Resolution set to fixed
  • Status changed from new to closed

In 6085:

Moderation: Include topic and reply post content with and without HTML in moderation_keys and blacklist_keys checks.

This changeset ensures users cannot bypass the moderation word checks by wrapping parts of the word or term in HTML, e.g. bannedword could previously be bypassed using <em>banned</em>word

Fixes #2986.

Note: See TracTickets for help on using tickets.