[FFmpeg-devel] [PATCH] fateserver/history: escape untrusted data
Michael Niedermayer
michaelni at gmx.at
Mon Mar 3 03:43:57 CET 2014
On Sun, Mar 02, 2014 at 02:59:43PM -0800, Timothy Gu wrote:
> Fixes Cross-Site Script with:
>
> http://fate.ffmpeg.org/history.cgi?slot="><script>alert(1)</script>
>
> or equivalent.
>
> Signed-off-by: Timothy Gu <timothygu99 at gmail.com>
> ---
>
> HTML::Entities is already used in report.cgi so no new dependency is
> needed.
applied
thanks
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Complexity theory is the science of finding the exact solution to an
approximation. Benchmarking OTOH is finding an approximation of the exact
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20140303/066bb5c7/attachment.asc>
More information about the ffmpeg-devel
mailing list