salmanishere / pagure

Forked from pagure 5 years ago
Clone
Source Code
GIT

46fb07a Ensure URLs are URLs not anything else

Authored and Committed by pingou 5 years ago
raw patch tree parent
2 files changed. 14 lines added. 2 lines removed.
pagure/forms.py
file modified
+9 -2
pagure/ui/repo.py
file modified
+5 -0 
    Ensure URLs are URLs not anything else
    
    Before this commit users could input anything there, include JS code
    which would lead to potential XSS exploits.
    
    This fixes CVE-2018-1002155
    
    Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
file modified
+9 -2
file modified
+5 -0
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.