nordborn / google-app-engine-samples

Automatically exported from code.google.com/p/google-app-engine-samples

Security problem in secret-valentine #20

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Log in to http://secret-valentine.appspot.com
2. Click on
http://secret-valentine.appspot.com/compose?error_message=%3Cscript%3Ealert(%27Owned!%27)%3C/script%3E

You shouldn't get a popup saying 'owned!'. This is a classic CSS attack.

While the app is not important, people may be using it as a pattern to
develop their own applications, thus it is probably worth getting it right.

Original issue reported on code.google.com by philip.j...@gmail.com on 23 Dec 2008 at 12:04
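
The reflection described in this report and its fix, as an added example that is not part of the original issue and is not the secret-valentine source. The page template and the function names are hypothetical; only the URL comes from the report.

```python
import html
from urllib.parse import urlsplit, parse_qs

# URL taken from the report above. The template below is a constructed
# stand-in for the compose page, not the application's real template.
REPORTED_URL = ("http://secret-valentine.appspot.com/compose"
                "?error_message=%3Cscript%3Ealert(%27Owned!%27)%3C/script%3E")

PAGE = ('<html><body><p class="error">{error}</p>'
        '<form method="post"></form></body></html>')


def error_message_from(url):
    """Return the decoded error_message query parameter ('' if absent)."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get("error_message", [""])[0]


def render_unsafe(url):
    """Reflects the parameter verbatim, so markup in it becomes page markup."""
    return PAGE.format(error=error_message_from(url))


def render_escaped(url):
    """Escapes &, <, >, " and ' so the parameter is rendered as text only."""
    return PAGE.format(error=html.escape(error_message_from(url), quote=True))


def reflects_markup(page):
    """True if a literal <script> tag from the request survived into the page."""
    return "<script>" in page.lower()


if __name__ == "__main__":
    for render in (render_unsafe, render_escaped):
        out = render(REPORTED_URL)
        print(render.__name__, "reflects markup:", reflects_markup(out))
        print(out)
```

The same escaping applies to any request value written into HTML text or attribute values; values placed inside script blocks or URLs need encoding for that context instead.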