XSS vunerability in inline distro series edit popup
Bug #741414 reported by
Ian Booth
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Fix Released
|
Critical
|
Ian Booth |
Bug Description
When the inline multicheckbox widget is used to edit distroseries on the recipe index page, the distro series names rendered on the popup are not escaped.
Related branches
lp:~wallyworld/launchpad/inline-multicheckbox-widget-xss
- j.c.sackett (community): Approve
-
Diff: 43 lines (+5/-5)2 files modifiedlib/lp/app/javascript/multicheckbox.js (+2/-2)
lib/lp/app/javascript/tests/test_multicheckboxwidget.js (+3/-3)
tags: |
added: qa-ok removed: qa-needstesting |
Changed in launchpad: | |
status: | Fix Committed → Fix Released |
visibility: | private → public |
To post a comment you must log in.
Fixed in stable r12662 <http:// bazaar. launchpad. net/~launchpad- pqm/launchpad/ stable/ revision/ 12662>.