XSS Protection Not Working

angeloh / chrometophone

Automatically exported from code.google.com/p/chrometophone

0 stars 0 forks source link

XSS Protection Not Working #72

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago

The latest update on the server side has regressed the XSS protection.

Entering 
http://chrometophone.appspot.com/send?login=true&title=name&url=http%3A%2F%2Fgoo
gle.com&sel=
into a URL bar will return an OK rather than an error.

Original issue reported on code.google.com by patrick....@gmail.com on 9 Jun 2010 at 9:05

GoogleCodeExporter commented 9 years ago

See note in code. This is temporary for a few days to allow folks to upgrade 
the extension. Once enabled, all old extensions will cease to work.

Original comment by burke.da...@gmail.com on 9 Jun 2010 at 9:27

GoogleCodeExporter commented 9 years ago

Original comment by burke.da...@gmail.com on 9 Jun 2010 at 9:29

Changed state: Invalid