Google 網路論壇不再支援新的 Usenet 貼文或訂閱項目,但過往內容仍可供查看。
Dismiss

[perl #38183] [TODO] smoke - possible 'Cross Site Scripting' issue

瀏覽次數:0 次
跳到第一則未讀訊息

Joshua Hoblitt

未讀,
2006年1月7日 下午5:41:392006/1/7
收件者:bugs-bi...@rt.perl.org
# New Ticket Created by Joshua Hoblitt
# Please include the string: [perl #38183]
# in the subject line of all future correspondence about this issue.
# <URL: https://rt.perl.org/rt3/Ticket/Display.html?id=38183 >


The current smoke system submits HTML directly to the smoke server.
This is just begging to be abused. Instead the system should submit raw
data that can be validated by the smoke server and then marked up for
presentation.

-J

--

Florian Ragwitz

未讀,
2006年1月8日 上午9:00:052006/1/8
收件者:perl6-i...@perl.org

I'm currently about to do a rewrite of smokeserv that fixes this.


Regards,
Flo

--
BOFH excuse #263:
It's stuck in the Web.

signature.asc
0 則新訊息