OpenStack Dashboard (Horizon)

  1. Bug #1308727
  2. Comment #11

Comment 11 for bug 1308727

Revision history for this message
Thierry Carrez (ttx) wrote : Re: XSS in Horizon Heat template - resource name

I would say "...a malicious templates owner/catalog may conduct an XSS attack once..." (also removing the comma after catalog). Would also remove the inner parenthesis "(session cookies/CSRF tokens)" and s/informartion/information/. Finally I would say "setups using Heat together with Horizon" so that it's clear it's the combo that is affected.