[Commotion-admin] [luci-commotion-apps] Stored XSS in local application URL (High) (#12)
Griffin Boyce
notifications at github.com
Mon Oct 14 19:33:26 UTC 2013
We can also write our own custom filter or use that one as a base. Rather than blacklist items that match a certain scheme (like data:), it whitelists tags and link structures.
---
Reply to this email directly or view it on GitHub:
https://github.com/opentechinstitute/luci-commotion-apps/issues/12#issuecomment-26282214
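
An added illustration of the blacklist-versus-whitelist point in the message above; it is not code from the thread or from luci-commotion-apps. It assumes application URLs should be absolute http/https links, and the function names and sample URLs are constructed for the example.

```python
import html
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}          # assumption: apps are web links only
BLOCKED_PREFIXES = ("data:", "javascript:")  # blacklist approach, shown for contrast

def blacklist_accepts(url: str) -> bool:
    """Naive filter: reject only values starting with a known-bad scheme."""
    return not url.startswith(BLOCKED_PREFIXES)

def whitelist_accepts(url: str) -> bool:
    """Accept only an absolute http(s) URL that has a host."""
    # Reject whitespace/control characters up front: URL parsers (and
    # browsers) may silently strip them, changing what the scheme looks like.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in url):
        return False
    try:
        parts = urlsplit(url)  # lowercases the scheme for us
    except ValueError:
        return False
    return parts.scheme in ALLOWED_SCHEMES and bool(parts.hostname)

def render_link(url: str) -> str:
    """Validate on input, then still escape on output into the attribute."""
    if not whitelist_accepts(url):
        return ""
    return '<a href="%s">open</a>' % html.escape(url, quote=True)

# Constructed sample submissions for the "application URL" field.
SAMPLES = [
    "http://10.0.0.1:8080/chat",
    "HTTPS://apps.example.org/",
    "data:text/html,hi",
    "JavaScript:void(0)",    # case variant of a blocked scheme
    " javascript:void(0)",   # leading space before the scheme
    "vbscript:x",            # scheme the blacklist never listed
]

def missed_by_blacklist():
    """Values the blacklist lets through but the whitelist rejects."""
    return [u for u in SAMPLES
            if blacklist_accepts(u) and not whitelist_accepts(u)]

if __name__ == "__main__":
    for u in missed_by_blacklist():
        print("blacklist accepted, whitelist rejected:", repr(u))
```
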