Comment 32 for bug 1308727

Tristan Cacqueray (tristan-cacqueray) wrote : Re: XSS in Horizon Heat template - resource name (CVE-2014-3473)

@horizon-coresec, could you please review the patch Julie submitted in comment #28?
According to https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#A_Positive_XSS_Prevention_Model, the JavaScript cleaning looks good, and the Python filters are reasonable as well.

Please test the patch for regression!