Comment 23 for bug 1308727
Revision history for this message
| Paul McMillan (paul-mcmillan) wrote Re: XSS in Horizon Heat template - resource name | #23 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
35a32c5
(Get the code!)
I think the the patch to instances.js, while correct, is indicative of an underlying security design problem (we need to re-separate our html generation from our core code logic), but this ticket is not the place for that discussion.
Both patches look correct to me, I've asked Gabriel Hurley to take a look at the javascript issue.