This repository has been archived by the owner on Jul 24, 2021. It is now read-only.
Reporter: amm [Submitted to the original trac issue database at 9.25am, Sunday, 18th April 2010]
As a follow-up on #2891, it is possible to inject JavaScript into the site by adding the JavaScript to your language settings and calling the search function on the main site. The error message there will contain the language settings verbatim and thus execute the script.
I don't think it is a security problem, as you can only shoot yourself in the foot with it rather than harm others, but it might nevertheless be nice to prevent this. Altogether, warning the user if they entered a broken string in the language setting might be a good thing.
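The two remedies the report mentions, escaping the language setting where the error message echoes it and warning about malformed entries, sketched as an added example that is not part of the original report or the project's code. The function names, the message wording, the tag pattern and the sample value are assumptions made for illustration.

```python
import html
import re

# Simplified language-tag shape (e.g. "en", "en-GB", "zh-Hant-TW"); an assumption
# for this example, not the site's actual validation rule.
LANG_TAG = re.compile(r"[A-Za-z]{2,3}(-[A-Za-z0-9]{2,8})*")


def split_languages(setting):
    """Split a space/comma separated preference string into (valid, rejected)."""
    valid, rejected = [], []
    for token in re.split(r"[\s,]+", setting.strip()):
        if not token:
            continue
        (valid if LANG_TAG.fullmatch(token) else rejected).append(token)
    return valid, rejected


def error_message_unsafe(setting):
    # Behaviour described in the report: the setting is echoed verbatim into HTML.
    return "<p>No results for languages: " + setting + "</p>"


def error_message_safe(setting):
    # Output encoding: markup characters in the setting are rendered as text.
    return "<p>No results for languages: " + html.escape(setting, quote=True) + "</p>"


def settings_warning(setting):
    """Return a warning for the settings form, or None if every entry is well formed."""
    _, rejected = split_languages(setting)
    if not rejected:
        return None
    shown = ", ".join(html.escape(tok) for tok in rejected)
    return "Unrecognised language entries: " + shown


# Constructed sample value, standing in for a malformed language preference.
SAMPLE = "en-GB de <script>alert(1)</script>"

if __name__ == "__main__":
    print(error_message_unsafe(SAMPLE))
    print(error_message_safe(SAMPLE))
    print(settings_warning(SAMPLE))
```

Escaping at output is the part that closes the hole; the validation step only gives the user the early warning the report asks for.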