[Freeipa-devel] [PATCH] 788 webui: fix potential XSS vulnerabilities
Petr Vobornik
pvoborni at redhat.com
Wed Nov 19 17:51:14 UTC 2014
Escape user defined text to prevent XSS attacks. Extra precaution was
taken to escape also parts which are unlikely to contain user-defined text.
https://fedorahosted.org/freeipa/ticket/4742
resolves CVE-2014-7850
f21 blocker candidate, requires priority review.
--
Petr Vobornik
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pvoborni-0788-webui-fix-potential-XSS-vulnerabilities.patch
Type: text/x-patch
Size: 5776 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20141119/193739c8/attachment.bin>
More information about the Freeipa-devel
mailing list