avoid xss when using js_reverse_inline #81

Merged
merged 1 commit into from
May 9, 2019

Conversation

graingert
Contributor

No description provided.

@graingert graingert merged commit a3b57d1 into master May 9, 2019
@graingert graingert deleted the fix-xss-when-using-js-reverse-inline branch August 1, 2019 10:37
@carnil

carnil commented Mar 7, 2020

@graingert do you have any information about which changes introduced this issue in django-js-reverse?

This issue was assigned CVE-2019-15486, so it would be useful to determine whether users of older versions (for instance, Debian has a 0.7.3-based version in the repositories) are affected.

@graingert
Contributor Author

@carnil https://github.com/ierror/django-js-reverse/blob/master/CHANGELOG.rst#091

It was introduced in 0.9.0 and fixed in 0.9.1. My recommendation is to install django-csp and disable inline JavaScript.

@carnil

carnil commented Mar 8, 2020 via email

@graingert
Contributor Author

@carnil no worries, it was no time at all. I appreciate being made aware of the CVE.
