Details
- Bug
- Resolution: Duplicate
- High
- None
- None
- None
Description
Stash doesn't escape HTML in commit messages, at least in pull requests, which creates a security risk if people submitting pull requests aren't fully trusted.
Issue Links
- duplicates: BSERV-3635 Html in PR comments not encoded (Closed)