mirror of
https://gitlab.com/davical-project/davical.git
synced 2026-01-27 00:33:34 +00:00
ea1ca0be0c
* HTML escape the remotely retrieved version string printed to the HTML in order to prevent and attacks (if this would have been possible at all in 12 characters). The version string read from the davical.org webserver might be changed by an attacker in order to perform XSS. Even though this is highly unlikley (there are only 12 characters used) it's better to HTML escape any such string that is printed to HTML. This was originally reported at: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703290