Comment 30 for bug 1463698

Travis McPeak (travis-mcpeak) wrote :

Sorry I'm confused - it still looks like we're failing to sanitize input which allows script to run as part of the rendering of a metadata field.

Regardless of whether it can get the cookie or not, this seems like a pretty big security issue to me. There are plenty of other security problems associated with allowing malicious scripts to run.

Am I missing something?