[Commotion-admin] [luci-commotion-apps] Stored XSS in local application URL (High) (#12)

dismantl notifications at github.com
Fri Oct 18 14:14:12 UTC 2013


Testing link href `http://;javascript:alert(1);` did not trigger JavaScript on IE6, IE7, IE8, Firefox, or Chrome, so I am concluding that we only need to mitigate against simple javascript and data URIs.

---
Reply to this email directly or view it on GitHub:
https://github.com/opentechinstitute/luci-commotion-apps/issues/12#issuecomment-26598689
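
The mitigation scope described in the message above, sketched as an added example (not part of the original email and not luci-commotion-apps code): a scheme allowlist applied to a submitted application URL before it is stored and rendered as a link href. The names `ALLOWED_SCHEMES`, `normalizeHref`, `schemeOf`, `isSafeAppUrl` and `classify`, the sample URLs, and the policy of requiring an absolute http/https URL are all assumptions.

```javascript
// Added example: scheme allowlist for a user-submitted application URL.
// All names and the http/https-only policy are assumptions, not project code.
const ALLOWED_SCHEMES = new Set(["http", "https"]);

// Mirror what browsers do before parsing an href: drop leading/trailing
// C0 control characters and spaces, and remove tab/CR/LF anywhere in the string.
function normalizeHref(raw) {
  return String(raw)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
}

// Return the lowercase scheme, or null when the value has none (relative URL).
function schemeOf(raw) {
  const m = /^([A-Za-z][A-Za-z0-9+.\-]*):/.exec(normalizeHref(raw));
  return m ? m[1].toLowerCase() : null;
}

// Accept only absolute URLs whose scheme is on the allowlist. Rejecting by
// allowlist covers javascript: and data: without enumerating bad schemes.
function isSafeAppUrl(raw) {
  const scheme = schemeOf(raw);
  return scheme !== null && ALLOWED_SCHEMES.has(scheme);
}

// Constructed sample inputs; the first is the href tested in the message.
const SAMPLES = [
  "http://;javascript:alert(1);", // scheme is http, so it stays a plain link
  "https://example.org/app",
  "javascript:alert(1)",
  " JaVaScRiPt:alert(1)",         // case and leading space are normalized
  "java\tscript:alert(1)",        // embedded tab is removed before parsing
  "data:text/html,hello",
  "/apps/local",                  // relative: no scheme, rejected by policy
];

// Pair each URL with the validator's decision.
function classify(urls) {
  return urls.map((u) => [u, isSafeAppUrl(u)]);
}

for (const [url, ok] of classify(SAMPLES)) {
  console.log((ok ? "accept " : "reject ") + JSON.stringify(url));
}
```

Validation at submission time complements, and does not replace, HTML-escaping the value when it is written into the href attribute.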