XSS vulnerability on API promotion sub-model #750
This was reported via Bugzilla (https://bugzilla.mozilla.org/show_bug.cgi?id=1277512)
leads to an XSS because in parsing the URL to extract GET keys and values, we don't sanitize the keys and we do use those when rebuilding links to point to the API.
I have a patch.
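The bug class described in this issue, as an added example that is not the project's code or the reporter's patch: a link rebuilt from parsed GET parameters where only the values are escaped, next to a version that encodes keys and values alike. The function names, the `/api/Example/` path and the sample query string are hypothetical and constructed for illustration.

```python
from html import escape
from urllib.parse import parse_qsl, urlencode

API_BASE = "/api/Example/"  # hypothetical endpoint path, not taken from the issue


def api_link_unsafe(query_string):
    """'Before' pattern: values are escaped, keys are pasted into the markup raw."""
    pairs = parse_qsl(query_string, keep_blank_values=True)
    qs = "&".join(f"{key}={escape(value)}" for key, value in pairs)
    return f'<a href="{API_BASE}?{qs}">API</a>'


def api_link_safe(query_string):
    """Percent-encode keys and values, then HTML-escape the whole attribute value."""
    pairs = parse_qsl(query_string, keep_blank_values=True)
    href = f"{API_BASE}?{urlencode(pairs)}"  # urlencode quotes keys as well as values
    return f'<a href="{escape(href, quote=True)}">API</a>'


# Constructed input: the second GET key decodes to '"><i>injected</i>'.
SAMPLE = "product=Firefox&%22%3E%3Ci%3Einjected%3C%2Fi%3E=1"

if __name__ == "__main__":
    print("unsafe:", api_link_unsafe(SAMPLE))  # key closes the attribute and adds markup
    print("safe:  ", api_link_safe(SAMPLE))    # key stays inside the href as data
```

A regression test for a fix of this kind should feed markup through the parameter name, not only the value, and check that the rendered attribute still contains exactly one pair of quotes.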