a placeholder for a security issue #2

Closed
ilatypov opened this Issue Apr 24, 2017 · 2 comments

Contributor

ilatypov commented Apr 24, 2017

Date: Mon, 24 Apr 2017 17:46:39 +0000 (UTC)
From: Ilguiz Latypov <ilatypov@yahoo.ca>
To: "support@calendarxp.net" <support@calendarxp.net>
Subject: Question about FlatCalendarXP - Ref#1493055020520

ilatypov added a commit to ilatypov/calendarxp that referenced this issue May 17, 2017

victorwon added a commit that referenced this issue May 18, 2017

Owner

victorwon commented May 18, 2017

Thanks!

victorwon closed this May 18, 2017

Contributor

ilatypov commented Jul 10, 2017

Luckily, this covered both JSFuck (because we reject parentheses) and Gareth Heyes's way of executing code without parentheses (because we reject back-ticks). Doing away with expecting JavaScript from externally controlled sources can eradicate the vulnerability.
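
The two approaches named in the comment above, as an added example that is not part of the original thread or of the calendarxp code: a character denylist that rejects parentheses and back-ticks, next to parsing the external value strictly as data. The function names and the JSON date-triple input format are assumptions made for illustration.

```javascript
// Added illustration. Function names and the input format are hypothetical,
// not taken from the calendarxp code base.

// Denylist as described in the comment: without ( or ) there is no ordinary
// call expression (JSFuck depends on them), and without ` there is no
// tagged-template call.
const CALL_SYNTAX = /[()`]/;

function passesDenylist(src) {
  return typeof src === "string" && !CALL_SYNTAX.test(src);
}

// Structural alternative: never evaluate the external value, parse it as data.
// Assumed format: a JSON array of [year, month, day] integer triples.
function parseDates(text) {
  let value;
  try {
    value = JSON.parse(text); // JSON.parse builds data, it does not run code
  } catch (e) {
    return null;
  }
  if (!Array.isArray(value)) return null;
  const out = [];
  for (const item of value) {
    if (!Array.isArray(item) || item.length !== 3) return null;
    if (!item.every((n) => Number.isInteger(n))) return null;
    const [y, m, d] = item;
    const dt = new Date(Date.UTC(y, m - 1, d));
    // Reject components that Date would silently roll over (month 13, Feb 30).
    if (dt.getUTCFullYear() !== y || dt.getUTCMonth() !== m - 1 ||
        dt.getUTCDate() !== d) {
      return null;
    }
    out.push(dt);
  }
  return out;
}

// Constructed sample inputs.
const samples = {
  jsfuckFragment: "[][(![]+[])[+[]]]", // bracket-and-parenthesis encoding style
  taggedTemplate: "f`1`",              // call syntax without parentheses
  plainData: "[[2017,4,24]]",
};
```

The denylist only decides whether a string may still be evaluated; `parseDates` removes the evaluation step, so anything that is not a well-formed list of dates is rejected whatever characters it contains.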
