[Commotion-admin] [luci-commotion-apps] added input validation and sanitizing for mitigating RCE vulnerabilities (#21)

dismantl notifications at github.com
Fri Oct 18 15:05:22 UTC 2013


Second commit should fix https://github.com/opentechinstitute/luci-commotion-apps/issues/12

To test, submit app with url: `javascript://127.0.0.1/?%0d%0aalert(document.domain)`. App submission should be rejected.

---
Reply to this email directly or view it on GitHub:
https://github.com/opentechinstitute/luci-commotion-apps/pull/21#issuecomment-26603018
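
An added example, not code from the pull request or the project: a scheme-allowlist and control-character check of the kind the test URL in the message above exercises, written in Python for illustration. The function name `is_acceptable_app_url`, the allowed-scheme set and the length limit are assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumption: only web links are acceptable for an application entry.
ALLOWED_SCHEMES = {"http", "https"}
# ASCII control characters (NUL, TAB, CR, LF, DEL, ...).
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def _fully_unquote(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded bytes (%250d) are seen too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_acceptable_app_url(url):
    """Return (ok, reason) for a user-submitted application URL."""
    if not isinstance(url, str) or not url or len(url) > 2048:
        return False, "empty or oversized"
    # Look for control characters before parsing: %0d%0a decodes to CR LF,
    # and urlsplit() may silently drop raw tabs and newlines.
    if _CONTROL.search(url) or _CONTROL.search(_fully_unquote(url)):
        return False, "control character (raw or percent-encoded)"
    try:
        parts = urlsplit(url)
    except ValueError:
        return False, "unparseable"
    # Allowlist the scheme rather than blocklisting "javascript".
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: %r" % parts.scheme
    if not parts.hostname:
        return False, "missing host"
    return True, "ok"


if __name__ == "__main__":
    # Constructed inputs; the first is the test URL quoted in the message.
    for sample in (
        "javascript://127.0.0.1/?%0d%0aalert(document.domain)",
        "javascript://127.0.0.1/",
        "https://example.org/?q=%250d%250a",
        "http://127.0.0.1/app",
    ):
        print(sample, "->", is_acceptable_app_url(sample))
```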