[Pki-devel] [pki-devel[PATCH] 0035-Fix-XSS-attacks-on-the-dogtag-administration-page-13.patch

John Magne jmagne at redhat.com
Thu May 14 22:40:25 UTC 2015


Resubmitting based on a couple of things.

1.  Informal feedback stating that I left out one of the minor original packages.


2. Refactoring of a few confusing copied methods was necessary in my opinion. Discussed below:

  1. Too many copies of escapeJavaScriptString all over the place. Consolidated down to the two related functions "escapeJavaScriptString" and "escapeJavaScriptStringHTML" methods in the CMSTemplate class to be called everywhere. Removed the duplicated methods in other classes.

  2. There were some places where "escapeJavaScriptString" was called, when we really wanted "escapeJavaScriptStringHTML". Fixed that everywhere. One reason for this is a copied version of "escapeJavaScriptString" actually was identical to CMSTemplate.escapeJavaScriptString, which has been removed.


All major test cases from the various bugs retested to work fine.


----- Original Message -----
From: "John Magne" <jmagne at redhat.com>
To: "pki-devel" <pki-devel at redhat.com>
Sent: Tuesday, May 12, 2015 2:02:01 PM
Subject: [pki-devel[PATCH] 0034-Fix-XSS-attacks-on-the-dogtag-administration-page-13.patch

Fix XSS attacks on the dogtag administration page #1373.
    
    Porting this set of fixes over from last downstream release upstream.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0035-Fix-XSS-attacks-on-the-dogtag-administration-page-13.patch
Type: text/x-patch
Size: 31693 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20150514/9119a078/attachment.bin>
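
The difference between the two escaping contexts named in the message, as an added example that is not part of the original post or of the Dogtag code: the patch itself is not reproduced on this page, so `escapeJs` and `escapeJsForHtml` are hypothetical stand-ins and do not show what the CMSTemplate methods actually do. The input value is constructed.

```java
public class EscapeContexts {
    // Render a character as a JavaScript hex escape (backslash, 'u', four hex digits).
    static String hex(char c) { return String.format("\\u%04x", (int) c); }

    // Hypothetical stand-in: escapes only what would end or corrupt a
    // JavaScript string literal. HTML metacharacters pass through unchanged.
    static String escapeJs(String v) {
        StringBuilder out = new StringBuilder();
        for (char c : v.toCharArray()) {
            if (c == '\\' || c == '"' || c == '\'') out.append('\\').append(c);
            else if (c < 0x20 || c == 0x2028 || c == 0x2029) out.append(hex(c));
            else out.append(c);
        }
        return out.toString();
    }

    // Hypothetical stand-in: for a JavaScript string that is itself embedded
    // in HTML (inline script block or event-handler attribute). Characters
    // the HTML parser reacts to are hex-escaped, so the result is inert in
    // both layers and still decodes to the original value in JavaScript.
    static String escapeJsForHtml(String v) {
        StringBuilder out = new StringBuilder();
        for (char c : v.toCharArray()) {
            boolean htmlSpecial = c == '<' || c == '>' || c == '&' || c == '"' || c == '\'';
            boolean jsSpecial = c == '\\' || c < 0x20 || c == 0x2028 || c == 0x2029;
            out.append(htmlSpecial || jsSpecial ? hex(c) : String.valueOf(c));
        }
        return out.toString();
    }

    // The HTML parser closes an inline script element at the first
    // "</script", whatever the JavaScript quoting state is at that point.
    static boolean closesScriptBlock(String escaped) {
        return escaped.toLowerCase().contains("</script");
    }

    public static void main(String[] args) {
        String value = "cn=test</script><b>\"x\"";  // constructed sample input
        String jsOnly = escapeJs(value);
        String jsHtml = escapeJsForHtml(value);
        System.out.println("js only : var v = \"" + jsOnly + "\";");
        System.out.println("  closes script block: " + closesScriptBlock(jsOnly));
        System.out.println("js+html : var v = \"" + jsHtml + "\";");
        System.out.println("  closes script block: " + closesScriptBlock(jsHtml));
    }
}
```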

