Closed Bug 1252554 Opened 8 years ago Closed 8 years ago

Avoid possibility of XSS in release tracking report

Categories

(bugzilla.mozilla.org :: Extensions, defect)

Production
defect
Not set
normal


RESOLVED FIXED

People

(Reporter: dylan, Assigned: dylan)


Attachments

(1 file)

extensions/BMO/template/en/default/pages/release_tracking_report.html.tmpl contains the line

> var flags_data = [% flags_json FILTER none %];

I don't know that flags_json can be manipulated to be anything other than valid json, but I'm confident that it cannot be a problem if we treat it like a string and use $.parseJSON.
Attached patch 1252554_1.patch
Attachment #8725340 - Flags: review?(dkl)
Comment on attachment 8725340
1252554_1.patch

Review of attachment 8725340:
-----------------------------------------------------------------

r=dkl. I do not suppose we need a csrf token for this one as you are not making changes to the DB, just searching.
Attachment #8725340 - Flags: review?(dkl) → review+
See Also: → 1252445
(In reply to Dylan William Hardison [:dylan] from comment #0)
> I don't know that flags_json can be manipulated to be anything other than
> valid json,

"</script><script>alert(/xss/)</script>" is perfectly valid JSON ;)
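As an added example (not the patch attached to this bug), the check and the escaping a template would apply before emitting JSON into an inline script block; `flags_data` is the variable from the template, and the flag entries below are constructed sample data:

```javascript
// Added example, not BMO code. Demonstrates why "valid JSON" is not enough when the
// value lands inside <script>: the HTML parser ends the block at the first "</script",
// case-insensitively, before the JavaScript parser ever sees the string literal.

// Unsafe: JSON.stringify leaves "<", ">" and "&" as-is, exactly like FILTER none.
function unsafeInlineScript(value) {
  return "<script>var flags_data = " + JSON.stringify(value) + ";</script>";
}

// Mitigation: rewrite the characters the HTML parser cares about (plus the JS line
// terminators U+2028/U+2029) as JSON \uXXXX escapes. The output is still valid JSON
// and a valid JS literal, so JSON.parse / $.parseJSON recover the original object.
function escapeJsonForScript(json) {
  return json.replace(/[<>&\u2028\u2029]/g, function (ch) {
    return "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0");
  });
}

function safeInlineScript(value) {
  return "<script>var flags_data = " + escapeJsonForScript(JSON.stringify(value)) + ";</script>";
}

// Detection check for a rendered block: does anything between the script tags
// contain an end-tag prefix that would terminate the block early?
function breaksOutOfScript(html) {
  var body = html.slice("<script>".length, html.length - "</script>".length);
  return /<\/script/i.test(body);
}

// Constructed sample data; the flag names are placeholders, the second one
// deliberately carries an end tag in mixed case.
var sampleFlags = {
  flags: [
    { id: 1, name: "approval-example" },
    { id: 2, name: "x</SCRIPT>y" }
  ]
};

// Round trip used by the checks below: the escaped JSON must parse back unchanged.
function roundTrip(value) {
  return JSON.parse(escapeJsonForScript(JSON.stringify(value)));
}
```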
To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git
   02aa6ce..30143b3  master -> master
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Pushed
Group: bugzilla-security
Component: Extensions: BMO → Extensions
