Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

[perl #38183] [TODO] smoke - possible 'Cross Site Scripting' issue

0 views

Skip to first unread message

Joshua Hoblitt

unread,

Jan 7, 2006, 5:41:39 PM1/7/06

to bugs-bi...@rt.perl.org

# New Ticket Created by Joshua Hoblitt
# Please include the string: [perl #38183]
# in the subject line of all future correspondence about this issue.
# <URL: https://rt.perl.org/rt3/Ticket/Display.html?id=38183 >

The current smoke system submits HTML directly to the smoke server.
This is just begging to be abused. Instead the system should submit raw
data that can be validated by the smoke server and then marked up for
presentation.

-J

Florian Ragwitz

unread,

Jan 8, 2006, 9:00:05 AM1/8/06

to perl6-i...@perl.org

I'm currently about to do a rewrite of smokeserv that fixes this.

Regards,
Flo

--
BOFH excuse #263:
It's stuck in the Web.

signature.asc

0 new messages