Sanitize input!

Bug #835955 reported by Daniel Holbach on 2011-08-28
This bug affects 1 person
Affects: Summit
Importance: Undecided
Assigned to: Michael Hall

Bug Description

Putting in data such as

"><script>alert(/xss/)</script>

in the sponsoring forms seems to be enough to make Summit go funny.
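Why that string is enough, shown as an added example that is not part of the original report and not Summit's code: the leading `">` closes a quoted attribute, so the rest is parsed as markup unless the value is escaped on output. The function names and the `company` field are hypothetical, and escaping at render time is one assumed mitigation, not necessarily what the linked merge proposals do.

```python
import html
from html.parser import HTMLParser

# Payload quoted in the bug report.
PAYLOAD = '"><script>alert(/xss/)</script>'

# Hypothetical form field; "company" is an assumed name, not taken from Summit.
FIELD = '<input type="text" name="company" value="%s">'


def render_unsafe(value):
    """Echo a submitted value back into a quoted attribute without escaping."""
    return FIELD % value


def render_escaped(value):
    """Same field, with the value HTML-escaped (quotes included) on output."""
    return FIELD % html.escape(value, quote=True)


class TagCollector(HTMLParser):
    """Records which elements a parser sees and what <input value=...> holds."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.input_value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.input_value = dict(attrs).get("value")


def parse(markup):
    """Return (list of start tags, value attribute of the input element)."""
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags, collector.input_value


if __name__ == "__main__":
    for render in (render_unsafe, render_escaped):
        markup = render(PAYLOAD)
        print(render.__name__, parse(markup), markup, sep="\n  ")
```

In the unescaped rendering the parser sees an extra `script` element and an empty `value`; in the escaped rendering it sees only the `input`, whose value round-trips to the submitted text.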

Nigel Babu (nigelbabu) wrote :

Fixed in the stable branch with the following MPs.

https://code.launchpad.net/~mhall119/summit/xss-vulnerability-fix-2/+merge/73143
https://code.launchpad.net/~mhall119/summit/xss-vulnerability-fix/+merge/73091

Please feel free to do a release to get it into production immediately.

Changed in summit:
assignee: nobody → Michael Hall (mhall119)
status: New → Fix Released