Comment 2 for bug 1247675
Revision history for this message
| David Lyle (david-lyle) wrote Re: Persistent XSS in OpenStack Web UI for Instances | #2 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
So sanitizing the input is not sufficient, because someone using the APIs can potentially push dangerous names directly that way. So best approach is to make sure any values coming out are not left as raw HTML.