Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Item14069: fix XSS (javascript injection) vulnerability in attach #9

Closed
wants to merge 2 commits into from
Closed

Item14069: fix XSS (javascript injection) vulnerability in attach #9

wants to merge 2 commits into from

Conversation

RayPlante
Copy link
Contributor

This pull request addresses Item14069 ("Attach filename parameter vulnerable to cross-site scripting"). It includes the fix in Foswiki::UI::Attach.pm and a unit test to detect the vulnerability.

@gac410
Copy link
Member

gac410 commented May 16, 2016

Ray, I'm going to cherry-pick these fixes into the release instead of merging. One of the commit messages has a typo in the task. This will be cleaner.

@gac410
Copy link
Member

gac410 commented May 16, 2016

Manually merged. Also moved the Test into the test/unit directory.

@gac410 gac410 closed this May 16, 2016
@RayPlante
Copy link
Contributor Author

Sounds good. thanks! --Ray

From: George Clark notifications@github.com
Sent: Monday, May 16, 2016 7:07:44 PM
To: foswiki/distro
Cc: Plante, Raymond L. (Fed); Author
Subject: Re: [foswiki/distro] Item14069: fix XSS (javascript injection) vulnerability in attach (#9)

Ray, I'm going to cherry-pick these fixes into the release instead of merging. One of the commit messages has a typo in the task. This will be cleaner.

You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHubhttps://github.com//pull/9#issuecomment-219574977

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@RayPlante @gac410