dennisreimann
commented
14 years ago Fixed XSS vulnerability. Closed by a3e83c7831a8d3ecf0e85acb016a2271f5f23dce
Closed saten closed 14 years ago
dennisreimann
commented
14 years ago Fixed XSS vulnerability. Closed by a3e83c7831a8d3ecf0e85acb016a2271f5f23dce
the render_openid_error in server_controller.rb is vulnerable to (reflected) xss injection. this is easy fixable by escaping everything which get echoed to the user.