XSS vulnerability in Pier-Blog

Hi,


I just found that Pier-Blog seems to be very vulnerable to XSS
attacks...

Try to post the following in a comment:

<script>
alert('hello world!');
</script>

Cheers!

Nico


_______________________________________________
Magritte, Pier and Related Tools ...
https://www.iam.unibe.ch/mailman/listinfo/smallwiki

Hi Nico,

yeah, that's a known problem related to this issue

    http://code.google.com/p/pier/issues/detail?id=48

Fixing it using an explicit verbatim syntax would also resolve other
encoding related issues in the environment and the blog could filter
such markup. It is on the todo list for a long time ... if anybody
wants to help, I would be glad.

Lukas

--
Lukas Renggli
http://www.lukas-renggli.ch
_______________________________________________
Magritte, Pier and Related Tools ...
https://www.iam.unibe.ch/mailman/listinfo/smallwiki