Comment 2 for bug 1289033

Cristian Fiorentino (cristian-fiorentino) wrote : Re: XSS in Horizon-Orchestration

Having analyzed the issue, the problem seems to be that the template structure used to display the "Description" message is not performing autoescaping. I will be providing a patch proposal soon.

Question on the process: are Gerrit reviews on security bugs automatically being set to private, or should I perform any additional steps to maintain the review private? Thanks.