Potential JS injection in Manage Places/Events #578
Labels
No labels
backend
critical
defect
duplicate
enhancement
fixed
frontend
general
invalid
major
minor
normal
oxjs
pandora_client
python-ox
task
trivial
wontfix
worksforme
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: 0x2620/pandora#578
Loading…
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
If you enter
<script>alert('JS injection')</script>
as name or alternative name, the map/calendar will execute this as JS.Saving seems to be fixed, so dialogs will go after reload.
Moving JS injection issues to #579.