[ic] Patch for dist/catalog_after.cfg to eliminate XSS
Jon Jensen
jon at endpoint.com
Mon Jul 11 20:34:34 UTC 2011
On Mon, 11 Jul 2011, Josh Lavin wrote:
> If a script is used in the URL of a request to a UI page, such as
> 'ui_download', the error page will display it inline, allowing the
> script to execute.
Thanks, Josh. I pushed out that and your other commit to the main repo.
Jon
--
Jon Jensen
End Point Corporation
http://www.endpoint.com/
More information about the interchange-users
mailing list