Comment 45 for bug 1308727
Revision history for this message
| Julie Pichon (jpichon) wrote Re: XSS in Horizon Heat template - resource name (CVE-2014-3473) | #45 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
Master has changed and the patch in #34 does not apply cleanly anymore (it is still ok for Icehouse). The link classes attribute has changed extensively and I don't have time to test the new interaction so I removed the escaping on that one. I think it's ok because it should already be safe as these attributes can only defined programmatically.