Currently, we are not sanitizing the input from the user when rendering the sticky widget. If you add something like the following:
<a onClick="alert('pants');" href="#">and some more</a>
to a sticky note widget, it runs the script.
I'll fix this!
In other Fedora apps, we use bleach to do this:
https://github.com/fedora-infra/bodhi/blob/develop/bodhi/server/util.py#L434
Metadata Update from @ryanlerch: - Issue priority set to: High
Fixed by changeset c78e0ca in PR #422.
Metadata Update from @abompard: - Issue assigned to shaily - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)