[ic] Patch for dist/catalog_after.cfg to eliminate XSS

Jon Jensen jon at endpoint.com
Mon Jul 11 20:34:34 UTC 2011

Previous message: [ic] Patch for dist/catalog_after.cfg to eliminate XSS
Next message: [ic] Patch for taxable_amount() to see mv_discount
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 11 Jul 2011, Josh Lavin wrote:

> If a script is used in the URL of a request to a UI page, such as 
> 'ui_download', the error page will display it inline, allowing the 
> script to execute.

Thanks, Josh. I pushed out that and your other commit to the main repo.

Jon

-- 
Jon Jensen
End Point Corporation
http://www.endpoint.com/

Previous message: [ic] Patch for dist/catalog_after.cfg to eliminate XSS
Next message: [ic] Patch for taxable_amount() to see mv_discount
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the interchange-users mailing list