Bug 107925 - Persistent XSS - snippet [CWE-79]
Issue: Shortcut key “q”, which triggers showing mail contents in the tooltip, is not XSS safe and sets the content without encoding.

Changeset:
* ZmMailListController.js: HTML-encoding the mail fragment before setting it to the UI.
Showing with 4 additions and 1 deletion.
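
The class of fix the commit message describes, as an added example that is not the commit's diff or Zimbra's code: a mail fragment placed into tooltip markup without encoding, next to the encoded form, plus a check usable as a regression test. All function names, the `MsgTooltip` class name and the sample fragment are assumptions constructed for illustration.

```javascript
// Added example; every name here is hypothetical, not Zimbra's API.

// Characters that are significant in HTML text and attribute values.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode untrusted text so the browser renders it as text, not markup.
function htmlEncode(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the fragment is concatenated into tooltip markup as-is, so any
// markup stored in a message body becomes part of the page when shown.
function buildTooltipUnsafe(fragment) {
  return '<div class="MsgTooltip">' + fragment + "</div>";
}

// "After": the fragment is encoded before it is set into the UI.
function buildTooltipSafe(fragment) {
  return '<div class="MsgTooltip">' + htmlEncode(fragment) + "</div>";
}

// Regression check: strip the wrapper this code emits and report whether
// anything that still parses as a tag, closing tag or comment remains.
function containsInjectedMarkup(html) {
  const inner = html
    .replace(/^<div class="MsgTooltip">/, "")
    .replace(/<\/div>$/, "");
  return /<[a-zA-Z\/!]/.test(inner);
}

// Constructed sample of a stored mail fragment carrying markup.
const sampleFragment = 'Hi <img src=x onerror="alert(1)"> & bye';

console.log("unsafe:", buildTooltipUnsafe(sampleFragment));
console.log("safe:  ", buildTooltipSafe(sampleFragment));
console.log("unsafe has markup:", containsInjectedMarkup(buildTooltipUnsafe(sampleFragment)));
console.log("safe has markup:  ", containsInjectedMarkup(buildTooltipSafe(sampleFragment)));
```

Encoding is applied at the point of output and treats the fragment as plain text, so a fragment that already contains `&amp;` is shown literally as `&amp;` rather than being decoded.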