yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1463698] Re: XSS

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Samuel Merritt <1463698@xxxxxxxxxxxxxxxxxx>
Date: Sat, 22 Aug 2015 00:50:20 -0000
Reply-to: Bug 1463698 <1463698@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Sounds like escaping of content needs to happen where the content is
embedded. Swift just gives you back what you gave it.

Adding Horizon, marking invalid for Swift.

** Also affects: horizon
   Importance: Undecided
       Status: New

** Changed in: swift
       Status: Incomplete => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1463698

Title:
  XSS

Status in OpenStack Dashboard (Horizon):
  New
Status in OpenStack Security Advisory:
  Won't Fix
Status in OpenStack Object Storage (swift):
  Invalid

Bug description:
  2.14.2

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1463698/+subscriptions