Comment 5 for bug 1322197
Revision history for this message
| Matthias Runge (mrunge) wrote Re: Persistent XSS in OpenStack Havana UI for Network Name (CVE-2014-3474) | #5 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
The question is here, if it's desirable to be able to name a network like an html tag:
<your name here>
or if we should scrub those ambersamps at all.
A proposal to sanitize names and to escape js is in the patch.