Sanitize input!

Bug #835955 reported by Daniel Holbach
This bug affects 1 person
Affects: Summit
Status: Fix Released
Importance: Undecided
Assigned to: Michael Hall
Milestone: (none)

Bug Description

Putting in data such as

"><script>alert(/xss/)</script>

in the sponsoring forms seems to be enough to make Summit go funny.

Nigel Babu (nigelbabu) wrote:

Fixed in the stable branch with the following MPs.

https://code.launchpad.net/~mhall119/summit/xss-vulnerability-fix-2/+merge/73143
https://code.launchpad.net/~mhall119/summit/xss-vulnerability-fix/+merge/73091

Please feel free to do a release to get it into production immediately.

Changed in summit:
assignee: nobody → Michael Hall (mhall119)
status: New → Fix Released
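
The failure mode reported above, as an added example that is not Summit's code and not the merged fix: a form field re-rendered with the submitted value, once verbatim and once escaped for a quoted attribute, then parsed to check that the page still contains only the one input element. The field name `sponsor_reason` and the two render functions are hypothetical, and Python is an assumption made for illustration.

```python
import html
from html.parser import HTMLParser

# Payload quoted in the bug description.
PAYLOAD = '"><script>alert(/xss/)</script>'
# Hypothetical template for one sponsoring-form field (constructed for this example).
TEMPLATE = '<input type="text" name="sponsor_reason" value="%s">'


def render_unsafe(value):
    """Interpolates the submitted value verbatim (the reported behaviour)."""
    return TEMPLATE % value


def render_escaped(value):
    """Escapes &, <, > and both quote characters before interpolation."""
    return TEMPLATE % html.escape(value, quote=True)


class TagAudit(HTMLParser):
    """Records every start tag the parser sees and the input's value attribute."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.input_value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.input_value = dict(attrs).get("value")


def audit(markup):
    parser = TagAudit()
    parser.feed(markup)
    parser.close()
    return parser.tags, parser.input_value


def field_is_intact(markup, submitted):
    """True when the markup is a single <input> whose value round-trips unchanged."""
    tags, value = audit(markup)
    return tags == ["input"] and value == submitted


if __name__ == "__main__":
    for render in (render_unsafe, render_escaped):
        markup = render(PAYLOAD)
        print(render.__name__, audit(markup)[0], field_is_intact(markup, PAYLOAD))
```

`field_is_intact` works as a regression check for any form field: it fails when a submitted value closes the attribute and introduces new elements, and passes when the value comes back as inert text.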