[zanata/zanata-server] 70f8d7: fix(security): do not output every user email addr...
GitHub
noreply at github.com
Fri Aug 21 02:16:36 UTC 2015
Branch: refs/heads/project-roles-ui
Home: https://github.com/zanata/zanata-server
Commit: 70f8d70e74063abec4d9837e0939a5e2df9e465e
https://github.com/zanata/zanata-server/commit/70f8d70e74063abec4d9837e0939a5e2df9e465e
Author: David Mason <drdmason at gmail.com>
Date: 2015-08-21 (Fri, 21 Aug 2015)
Changed paths:
M zanata-war/src/main/webapp/resources/zanata/person-permission-entry.xhtml
Log Message:
-----------
fix(security): do not output every user email address in the DOM
User email address was being output as the id of a DOM element, which is easily seen
by anyone with a browser. It looks like the id was not even being used anywhere.
I do not know why this was done. Was it an attempt to generate a unique ID for each
list item? The same person can be output in multiple categories so it would not have
been unique anyway. I just removed it, and the list still seems to work properly.
More information about the zanata-commits
mailing list