Message 1448 - PSF Meta Tracker

Author	rhamphoryncus
Recipients	loewis, rhamphoryncus
Date	2009-07-21.23:13:30
SpamBayes Score	0.00435834
Marked as misclassified	No

If it allows arbitrary HTML is presumably allows javascript as well. 
http://en.wikipedia.org/wiki/Cross-site_scripting#Non-persistent

It could, for instance, be used to steal bugtracker passwords or post spam.

History
Date	User	Action	Args
2009-07-21 23:13:30	rhamphoryncus	set	recipients: + rhamphoryncus, loewis
2009-07-21 23:13:30	rhamphoryncus	set	messageid: <1248218010.54.0.271885599872.issue296@psf.upfronthosting.co.za>
2009-07-21 23:13:30	rhamphoryncus	link	issue296 messages
2009-07-21 23:13:30	rhamphoryncus	create

Message1448