[Commotion-admin] [luci-commotion-apps] Stored XSS in local application URL (High) (#12)

areynold notifications at github.com
Mon Oct 14 19:48:16 UTC 2013


@danstaples, it looks like `javascript:` and `data:` are already being stripped out, so the fix will need to be deeper. To summarize the quick office discussion about this thread (glamrock, jheretic, hawkinswnaf), it sounds like adding a filter is the way to go.

---
Reply to this email directly or view it on GitHub:
https://github.com/opentechinstitute/luci-commotion-apps/issues/12#issuecomment-26283257