Comment 13 for bug 1567673
Revision history for this message
| Richard Jones (r1chardj0n3s) wrote Re: Possible client side template injection in horizon | #13 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
I believe that's a false positive as we don't use the standard "{{" and "}}" as our angular template markers, we use "{$" and "$}", hence the code I implemented escapes those and not the standard markers.
I have confirmed that with the code I propose above in place, the exploit is neutralised in the login page.