Comment 13 for bug 1567673

Revision history for this message
Richard Jones (r1chardj0n3s) wrote : Re: Possible client side template injection in horizon

I believe that's a false positive as we don't use the standard "{{" and "}}" as our angular template markers, we use "{$" and "$}", hence the code I implemented escapes those and not the standard markers.

I have confirmed that with the code I propose above in place, the exploit is neutralised in the login page.