BibFormat: fix for XSS vulnerability in `ln`

Authored by Tibor Simko <tibor.simko@cern.ch> on Dec 11 2013, 15:03.

Description

BibFormat: fix for XSS vulnerability in ln

  • Fixes XSS vulnerability in language parameter for queries such as </search?ln=en296b9%22%3E%3Cscript%3Ealert%281%29%3C/script%3Ee2d>.

Reported-by: Pietari Hyvärinen <pietari.hyvarinen@csc.fi>
Signed-off-by: Tibor Simko <tibor.simko@cern.ch>
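
An added example, not Invenio's code and not the change made in this commit: it decodes the query quoted in the commit message and shows a reflected `ln` value next to a hardened form that allowlists the language code and escapes it on output. `SUPPORTED_LANGS`, `wash_ln`, `link_unsafe`, `link_safe` and the link template are hypothetical names and assumptions chosen for illustration.

```python
from html import escape
from urllib.parse import urlsplit, parse_qs

# Assumed set of supported interface languages (hypothetical, not Invenio's list).
SUPPORTED_LANGS = frozenset({"en", "fr", "de", "fi"})
DEFAULT_LANG = "en"

# Query string quoted in the commit message above.
REPORTED_QUERY = "/search?ln=en296b9%22%3E%3Cscript%3Ealert%281%29%3C/script%3Ee2d"


def raw_ln(url):
    """Return the percent-decoded ln value exactly as the client sent it."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get("ln", [])
    return values[0] if values else DEFAULT_LANG


def wash_ln(value):
    """Allowlist check: anything that is not a known language code becomes the default."""
    return value if value in SUPPORTED_LANGS else DEFAULT_LANG


def link_unsafe(ln):
    """'Before' form: the value is interpolated into an HTML attribute unescaped."""
    return '<a href="/?ln=%s">Home</a>' % ln


def link_safe(ln):
    """Hardened form: allowlist first, then escape for the attribute context."""
    return '<a href="/?ln=%s">Home</a>' % escape(wash_ln(ln), quote=True)


if __name__ == "__main__":
    ln = raw_ln(REPORTED_QUERY)
    print("decoded ln :", ln)
    print("unescaped  :", link_unsafe(ln))
    print("hardened   :", link_safe(ln))
```

The allowlist alone neutralises this input; escaping at the output site is kept as a second layer so that a later change to the allowlist cannot reintroduce the reflection.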

Details

Committed
Tibor Simko <tibor.simko@cern.ch>, Dec 11 2013, 16:01
Parents
R3600:241f1c02ca5c: Merge branch 'master' into next
Branches
Unknown
Tags
Unknown

Event Timeline

Tibor Simko <tibor.simko@cern.ch> committed R3600:b4d4de2e702a: BibFormat: fix for XSS vulnerability in `ln` (authored by Tibor Simko <tibor.simko@cern.ch>). Dec 11 2013, 16:01