inderpalaulakh / google-app-engine-samples

Automatically exported from code.google.com/p/google-app-engine-samples
0 stars 0 forks source link

Security problem in secret-valentine #20

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Log in the to http://secret-valentine.appspot.com
2. Click on
http://secret-valentine.appspot.com/compose?error_message=%3Cscript%3Ealert(%27O
wned!%27)%3C/script%3E

You shouldn't get a popup saying 'owned!'. This is a classic CSS attack.

While the app is not important, people may be using it as a pattern to
develop their own applications, thus it is probably worth getting it right.

Original issue reported on code.google.com by philip.j...@gmail.com on 23 Dec 2008 at 12:04