[Tickets #8715] Re: XSS vulnerability
bugs at horde.org
Tue Nov 24 23:39:37 UTC 2009
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/8715
------------------------------------------------------------------------------
Ticket | 8715
Updated By | Jan Schneider <jan at horde.org>
Summary | XSS vulnerability
Queue | IMP
Version | FRAMEWORK_3
Type | Bug
State | Feedback
Priority | 3. High
Milestone | 4.3.6
Patch |
Owners | Horde Developers
+New Attachment | 0001-Add-test.patch
------------------------------------------------------------------------------
Jan Schneider <jan at horde.org> (2009-11-24 18:39) wrote:
Attachments are not private anyway. :)
Your patch seems to do its job, attached is a test case.
I'm not sure how far Firefox can be tricked to consider a link as a
data scheme. I'm thinking of variants of "data:text/html".