This was reported via Bugzilla (https://bugzilla.mozilla.org/show_bug.cgi?id=1277512)
https://transvision.mozfr.org/?whole_word=on&sourcelocale=af&repo=beta&case_sensitive=on&perfect_match=on&locale=af&search_type=entities&recherche=555-555-0199@example.com&%22%3E%3Cscript%3Ealert%281%29%3C/script%3E=1
leads to an XSS because, in parsing the URL to extract GET keys and values, we don't sanitize the keys and we do use those when rebuilding links to point to the API.
I have a patch.
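The failure the report describes, modelled in Python as an added example (this is not Transvision's PHP code, and the `API_BASE` route and the `KNOWN_KEYS` allow-list are assumptions; the query-string parameters and the percent-encoded key are copied from the reported URL). The vulnerable function percent-decodes the GET pairs and concatenates them straight back into an `href`, so the decoded `"` closes the attribute and the `<script>` element lands in the page; the hardened function re-encodes every key and value, HTML-escapes the attribute, and drops keys the page does not know. `injects_markup()` runs the resulting fragment through an HTML parser and reports whether anything other than the intended `<a>` appears.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlencode

# Assumed API base for the rebuilt links; not Transvision's real route.
API_BASE = "https://transvision.mozfr.org/api/v1/search"

# Constructed query string: the parameters and the encoded key
# %22%3E%3Cscript%3Ealert%281%29%3C/script%3E are taken from the URL in the report.
REPORTED_QUERY = (
    "whole_word=on&sourcelocale=af&repo=beta&case_sensitive=on&perfect_match=on"
    "&locale=af&search_type=entities&recherche=555-555-0199@example.com"
    "&%22%3E%3Cscript%3Ealert%281%29%3C/script%3E=1"
)

# Parameter names that appear in the reported URL; assumed here to be the set
# the search page actually accepts.
KNOWN_KEYS = frozenset({
    "whole_word", "sourcelocale", "repo", "case_sensitive", "perfect_match",
    "locale", "search_type", "recherche",
})


def rebuild_link_vulnerable(query: str) -> str:
    """Rebuild the API link the way the report describes the bug.

    parse_qsl() percent-decodes both keys and values, so the attacker's key
    becomes the literal string "><script>alert(1)</script>. Concatenating it
    straight back into an href lets the quote close the attribute and the rest
    land in the page as markup.
    """
    pairs = parse_qsl(query, keep_blank_values=True)
    rebuilt = "&".join(f"{key}={value}" for key, value in pairs)
    return f'<a href="{API_BASE}?{rebuilt}">API</a>'


def rebuild_link_hardened(query: str, allowed_keys=KNOWN_KEYS) -> str:
    """Rebuild the API link with the controls the bug report implies.

    1. Re-encode every key and value with urlencode(), so decoded characters
       such as " < > / are percent-encoded again before they enter the URL.
    2. HTML-escape the finished href for the attribute context it lands in.
    An allow-list of keys is applied as well; pass allowed_keys=None to see
    that the re-encoding alone already neutralises the payload.
    """
    pairs = parse_qsl(query, keep_blank_values=True)
    if allowed_keys is not None:
        pairs = [(k, v) for k, v in pairs if k in allowed_keys]
    href = f"{API_BASE}?{urlencode(pairs)}"
    return f'<a href="{html.escape(href, quote=True)}">API</a>'


class _TagCollector(HTMLParser):
    """Record every start tag the browser-side parser would see."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def injects_markup(fragment: str) -> bool:
    """True if the fragment parses into anything beyond the single <a> we emit."""
    collector = _TagCollector()
    collector.feed(fragment)
    collector.close()
    return collector.tags != ["a"]


if __name__ == "__main__":
    for label, link in (
        ("vulnerable", rebuild_link_vulnerable(REPORTED_QUERY)),
        ("hardened  ", rebuild_link_hardened(REPORTED_QUERY)),
    ):
        print(f"{label}: injects markup={injects_markup(link)}\n  {link}")
```

Two layers are deliberate: percent-encoding keeps the key inside the URL's own syntax, and HTML-escaping keeps the URL inside the attribute; either alone stops this particular payload, but only both together cover a key that is legal in one context and dangerous in the other. The allow-list is the cheapest fix of all for a search page whose parameter names are fixed, since an unknown key never needs to reach the output at all.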
fix mozfr#750: fix an XSS in the API promotion sub-model
bcde378
96555ab
pascalchevrel