Review Request 109905: Bugzilla filter: escape html to block injection.
Commit Hook
null at kde.org
Mon Apr 8 10:08:13 UTC 2013
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/109905/
-----------------------------------------------------------
(Updated April 8, 2013, 10:08 a.m.)
Status
------
This change has been marked as submitted.
Review request for Telepathy and David Edmundson.
Description
-------
Bugzilla filter: escape html to block injection.
BUG: 317936.
Also, fix a "not an object" js error when referencing an inexisting bug (and got a null result).
This addresses bug 317936.
http://bugs.kde.org/show_bug.cgi?id=317936
Diffs
-----
filters/bugzilla/showBugzillaInfo.js 1906257
Diff: http://git.reviewboard.kde.org/r/109905/diff/
Testing
-------
Works.
No injection now.
No «not an object» errors in Inspector for inexisting bugs now.
Thanks,
Nikita Skovoroda
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-telepathy/attachments/20130408/27c3d654/attachment.html>
More information about the KDE-Telepathy
mailing list