[OH-Dev] [issue915] XSS issue in project name field
brittag
bugs at openhatch.org
Mon Jan 6 00:57:49 UTC 2014
New submission from brittag <brittag at gmail.com>:
Putting a special string into the project name field causes a JavaScript popup, which it really
shouldn't. Here's the string: ""><img src=x onerror=prompt(1);>
Here's a demonstration by the reporter: http://openhatch.org/people/pik4chu/ - and I also
reproduced it myself.
This seems very related to the problem at https://openhatch.org/bugs/issue875 - which was also
about project names not being escaped properly.
----------
messages: 4025
nosy: brittag, mandarg, paulproteus
priority: critical
status: unread
title: XSS issue in project name field
__________________________________________
Roundup issue tracker <bugs at openhatch.org>
<https://openhatch.org/bugs/issue915>
__________________________________________
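
A regression check for the escaping problem described in the report, as an added example that is not part of the original message and not OpenHatch code. The template fragment and the function names are hypothetical; the only value taken from the report is the project-name string.

```python
import html
from html.parser import HTMLParser

# The project-name string quoted in the report above.
REPORTED_NAME = '""><img src=x onerror=prompt(1);>'

# Hypothetical template fragment (assumption): the name is placed both in a
# quoted attribute and in element text.
FRAGMENT = '<a class="project" title="%s">%s</a>'


def render_unescaped(name):
    # The 'before' behaviour: the name is interpolated as-is.
    return FRAGMENT % (name, name)


def render_escaped(name):
    # quote=True also escapes " and ', which the attribute context requires.
    safe = html.escape(name, quote=True)
    return FRAGMENT % (safe, safe)


class _Audit(HTMLParser):
    """Records each start tag, each on* handler attribute, and all text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.handlers, self.text = [], [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers += [(tag, k) for k, _ in attrs if k.startswith("on")]

    def handle_data(self, data):
        self.text.append(data)


def audit(markup):
    parser = _Audit()
    parser.feed(markup)
    parser.close()
    return {"tags": parser.tags, "handlers": parser.handlers,
            "text": "".join(parser.text)}


def is_inert(markup, name):
    # Safe output contains only the template's own <a>, no event handlers,
    # and shows the name back to the reader as literal text.
    result = audit(markup)
    return (result["tags"] == ["a"] and not result["handlers"]
            and result["text"] == name)
```

`is_inert(render_escaped(REPORTED_NAME), REPORTED_NAME)` holds, while the unescaped rendering parses into an extra `img` element carrying an `onerror` attribute.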