[ic] Patch for dist/catalog_after.cfg to eliminate XSS

Jon Jensen jon at endpoint.com
Mon Jul 11 20:34:34 UTC 2011

On Mon, 11 Jul 2011, Josh Lavin wrote:

> If a script is used in the URL of a request to a UI page, such as 
> 'ui_download', the error page will display it inline, allowing the 
> script to execute.

Thanks, Josh. I pushed out that and your other commit to the main repo.


Jon Jensen
End Point Corporation

More information about the interchange-users mailing list