OpenStack Dashboard (Horizon)

Overview
Code
Bugs
Blueprints
Translations
Answers

Bug #1349491
Comment #2

Comment 2 for bug 1349491

Revision history for this message

Julie Pichon (jpichon) wrote on 2014-07-29: Re: Persistent XSS in the Host Aggregates interface

bug1349491.20140729.patch Edit (2.3 KiB, text/plain)

Here's a proposed patch for the issue. It also applies cleanly on icehouse (where I was able to reproduce the problem), I'll provide a havana version later on.

It's the second time we get bitten by the way we use filters in python files (cf. bug 1320235), after a solution for this gets merged I'll look into refactoring the solutions so they're more reusable. Maybe in a horizon/tables/filters.py file for filters known to be problematic, or introspecting for an autoescape argument so that might be too costly performance-wise...