Fix XSS hole in inline comment editing

Authored by epriestley <git@epriestley.com> on Apr 30 2011, 05:18.

Description

Fix XSS hole in inline comment editing

Summary:
Thanks to erling for the report. This was XSSable, although you could
only get yourself.

Test Plan:
Made a comment like "</textarea><h1>" and edited it before and after
the patch. Proper behavior with this patch.

Reviewed By: aran
Reviewers: erling, jungejason, tuomaspelkonen, aran
CC: aran
Differential Revision: 187
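
The test plan above, turned into an automated regression check. This is an added example, not part of the commit or of the project's code: the two render functions are hypothetical stand-ins for the edit form before and after the patch, and HTML-escaping the comment is an assumption about the fix, whose diff this page does not show.

```python
from html import escape
from html.parser import HTMLParser

# Constructed sample: the comment text used in the commit's test plan.
TEST_PLAN_COMMENT = "</textarea><h1>"

def render_edit_form_unescaped(comment: str) -> str:
    """Hypothetical pre-patch rendering: comment text inserted verbatim."""
    return '<form><textarea name="text">' + comment + "</textarea></form>"

def render_edit_form_escaped(comment: str) -> str:
    """Hypothetical post-patch rendering: comment text HTML-escaped first."""
    return '<form><textarea name="text">' + escape(comment) + "</textarea></form>"

class _FormAudit(HTMLParser):
    """Records every start tag and the text found inside the textarea."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.text = []
        self._in_textarea = False

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "textarea":
            self._in_textarea = True

    def handle_endtag(self, tag):
        if tag == "textarea":
            self._in_textarea = False

    def handle_data(self, data):
        if self._in_textarea:
            self.text.append(data)

def audit(markup: str):
    """Return (start tags seen, text the user would see in the edit box)."""
    parser = _FormAudit()
    parser.feed(markup)
    parser.close()
    return parser.tags, "".join(parser.text)

def edit_form_is_safe(render, comment: str) -> bool:
    """True when the form holds only its own tags and round-trips the comment."""
    tags, text = audit(render(comment))
    return tags == ["form", "textarea"] and text == comment
```

The check fails for the unescaped renderer because the comment closes the textarea early and an `h1` start tag appears in the form; with escaping, the edit box shows the original comment text unchanged.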

Details

Committed
epriestley <git@epriestley.com>, Apr 30 2011, 05:27
Pushed
aubort, Jan 31 2017, 17:16
Parents
rPH78d33b177115: Silence an undeclared variable warning
Branches
Unknown
Tags
Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH864e0d8a2fad: Fix XSS hole in inline comment editing (authored by epriestley <git@epriestley.com>). Apr 30 2011, 05:27