Re: [Freeipa-devel] [PATCH] 788 webui: fix potential XSS vulnerabilities

Tomas Babej Thu, 20 Nov 2014 06:39:13 -0800

On 11/19/2014 06:51 PM, Petr Vobornik wrote:
> Escape user defined text to prevent XSS attacks. Extra precaution was
> taken to escape also parts which are unlikely to contain user-defined
> text.
>
> https://fedorahosted.org/freeipa/ticket/4742
>
> resolves CVE-2014-7850
>
> f21 blocker candidate, requires priority review.
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel


ACK, works fine.

Resolves issue described in CVE-2014-7850.

Pushed to:
master: bff97e8b2e8d80e75e989b661e873c8e72cd7429
ipa-4-1: af9fd4dfe2c18e52127480c959c35ad37b566095


-- 
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 788 webui: fix potential XSS vulnerabilities

Reply via email to