
Re: [Pki-devel] [pki-devel[PATCH] 0035-Fix-XSS-attacks-on-the-dogtag-administration-page-13.patch

I think the code could use further cleanup/improvements, but the patch itself is fine. ACK.

On 5/14/2015 5:40 PM, John Magne wrote:

Resubmitting based on a couple of things.

1.  Informal feedback stating that I left out one of the minor original packages.

2. Refactoring of a few confusing copied methods was necessary in my opinion. Discussed below:

   1. Too many copies of escapeJavaScriptString all over the place. Consolidated down to the two related functions "escapeJavaScriptString" and "escapeJavaScriptStringHTML" methods in the CMSTemplate class to be called everywhere. Removed the duplicated methods in other classes.

     2. There were some places where "escapeJavaScriptString" was called, when we really wanted "escapeJavaScriptStringHTML". Fixed that everywhere. One reason for this is a copied version of "escapeJavaScriptString" actually was identical to CMSTemplate.escapeJavaScriptString, which has been removed.

All major test cases from the various bugs retested to work fine.

----- Original Message -----
From: "John Magne" <jmagne redhat com>
To: "pki-devel" <pki-devel redhat com>
Sent: Tuesday, May 12, 2015 2:02:01 PM
Subject: [pki-devel[PATCH] 0034-Fix-XSS-attacks-on-the-dogtag-administration-page-13.patch

Fix XSS attacks on the dogtag administration page #1373.

     Porting this set of fixes over from last downstream release upstream.

Endi S. Dewata
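
Added example, not part of the original messages and not Dogtag's CMSTemplate code: a sketch of why the thread distinguishes a JavaScript-only escaper from a JavaScript-plus-HTML one when a value is written into an inline script block. The class and method names are hypothetical, the sample value is constructed, and the assumption is that the "HTML" variant additionally neutralises characters the HTML parser acts on.

```java
// Added illustration; names are hypothetical, not the project's own code.
public class JsEscapeDemo {

    // Escape for a JavaScript string literal only: quotes, backslash, control chars.
    static String escapeJsString(String v) {
        StringBuilder sb = new StringBuilder();
        for (char c : v.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\\\"); break;
                case '"':  sb.append("\\\""); break;
                case '\'': sb.append("\\'"); break;
                case '\n': sb.append("\\n"); break;
                case '\r': sb.append("\\r"); break;
                default:
                    // Control characters and JS line separators become hex escapes.
                    if (c < 0x20 || c == 0x2028 || c == 0x2029) {
                        sb.append(String.format("\\u%04x", (int) c));
                    } else {
                        sb.append(c);
                    }
            }
        }
        return sb.toString();
    }

    // Same as above, plus the characters the HTML parser reacts to before
    // the script text is ever handed to the JavaScript engine.
    static String escapeJsStringHtml(String v) {
        StringBuilder sb = new StringBuilder();
        for (char c : escapeJsString(v).toCharArray()) {
            if (c == '<' || c == '>' || c == '&') {
                sb.append(String.format("\\u%04x", (int) c));
            } else {
                sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        String value = "x\"</script><b>y"; // constructed sample input
        String jsOnly = escapeJsString(value);
        String jsHtml = escapeJsStringHtml(value);
        System.out.println("<script>var v = \"" + jsOnly + "\";</script>");
        System.out.println("<script>var v = \"" + jsHtml + "\";</script>");
        // JS-only output keeps a literal closing tag, which ends the element early.
        if (!jsOnly.contains("</script>")) throw new AssertionError("expected raw tag");
        if (jsHtml.contains("<") || jsHtml.contains(">")) throw new AssertionError("tag survived");
    }
}
```

The first printed line is the case where the string-only escaper is used in an HTML page: the quote is escaped, but the markup characters are still there for the HTML parser to act on.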
