a placeholder for a security issue #2

Closed
ilatypov opened this Issue Apr 24, 2017 · 2 comments

ilatypov commented Apr 24, 2017

Date: Mon, 24 Apr 2017 17:46:39 +0000 (UTC)
From: Ilguiz Latypov <ilatypov@yahoo.ca>
To: "support@calendarxp.net" <support@calendarxp.net>
Subject: Question about FlatCalendarXP - Ref#1493055020520

victorwon added a commit that referenced this issue May 18, 2017

victorwon commented May 18, 2017

Thanks!

@victorwon victorwon closed this May 18, 2017

ilatypov commented Jul 10, 2017

Luckily, this covered both JSFuck (because we reject parentheses) and Gareth Heyes's way of executing code without parentheses (because we reject back-ticks). Doing away with expecting JavaScript from externally controlled sources can eradicate the vulnerability.
