id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc
8948	Scripts getting executed in preview mode.	Rajasimhan		"Enable source mode and enter javscript code. Come out of the source mode and click the preview button. The javascript will be executed. The JS execution will lead to security issues and must be fixed.

Replication:
1) copy the following script in source mode and click the preview button.

	&lt;&gt;<iframe frameborder=""0"" height=""200"" scrolling=""no"" src=""http://www.oracle.com"" width=""250""></iframe><script>alert('Executing script');</script>.

We would like to have the issue fixed in 3.6.2 and 3.5.3.

"	Bug	closed	Normal		General	3.6.2	invalid		rajasimhan.baskar@… senthil.kumaran@…