Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

properly escape session and acl data in UI #2456

Merged
merged 2 commits into from
Nov 1, 2016
Merged

properly escape session and acl data in UI #2456

merged 2 commits into from
Nov 1, 2016

Commits on Oct 31, 2016

  1. update libv8 gem to something that compiles

    @markupboy
    markupboy committed Oct 31, 2016
    Configuration menu
    Copy the full SHA
    599c5ea View commit details
    Browse the repository at this point in the history

Commits on Nov 1, 2016

  1. properly escape session and acl data in UI 

    fixes an XSS vulnerability caused by having the sessionName, sessionMeta, and aclName blindly returning data as Handlebars.SafeStrings
    @markupboy
    markupboy committed Nov 1, 2016
    Configuration menu
    Copy the full SHA
    44ab1f5 View commit details
    Browse the repository at this point in the history