#18552 closed defect (fixed)
Cross-site scripting vulnerability
Reported by: | jhelleve | Owned by: | bill |
---|---|---|---|
Priority: | undecided | Milestone: | 1.6.4 |
Component: | Dijit | Version: | 1.9.3 |
Keywords: | | Cc: | |
Blocked By: | | Blocking: | |
Description
Our IBM Rational security scans have flagged the following dojo delivered file for a cross-site scripting vulnerability:
File: dijit\bench\create_widgets.html
Segment:
<body class=tundra>
<script language='javascript'>
document.write("<h2>Currently Creating "+count+" "+className+" instances</h2>");
</script>
...
Attachments (1)
Change History (9)
Changed 6 years ago by
Attachment: | dojo_cross_site_scripting.png added |
---|
comment:1 Changed 6 years ago by
Milestone: | tbd → 1.6.4 |
---|---|
Status: | new → assigned |
OK, good catch, I'll fix.
comment:2 Changed 6 years ago by
FWIW my testing shows there isn't any vulnerability, but I do see a few typos in the regex so I'll fix those.
comment:3 Changed 6 years ago by
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
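The description flags a `document.write` call that concatenates `count` and `className` into markup, and comment 2 mentions a regex. The following is an added example, not code from the ticket or from Dojo, showing one way to validate and encode such values before they reach markup. It assumes both arrive as untrusted strings (for instance query parameters); the function names and fallback defaults are hypothetical.

```javascript
// Added example, not the code from dijit/bench/create_widgets.html.
// Assumption: count and className reach the page as untrusted strings
// (for instance from the query string); the ticket does not show their source.
// Function names and fallback defaults below are hypothetical.

// Accept only a small positive integer; anything else falls back to a default.
function parseCount(raw, fallback = 100, max = 10000) {
  if (typeof raw !== 'string' || !/^[0-9]{1,5}$/.test(raw)) return fallback;
  const n = Number(raw);
  return n >= 1 && n <= max ? n : fallback;
}

// Accept only dotted identifiers such as "dijit.form.Button".
// Anchored with ^ and $ so a valid prefix cannot carry trailing markup.
function parseClassName(raw, fallback = 'dijit.form.Button') {
  const dotted = /^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$/;
  return typeof raw === 'string' && raw.length <= 128 && dotted.test(raw) ? raw : fallback;
}

// Second layer: encode HTML metacharacters before building markup,
// so the output stays inert even if validation is loosened later.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Builds the same heading the flagged line writes, from validated and encoded values.
function headingMarkup(rawCount, rawClassName) {
  const count = parseCount(rawCount);
  const className = parseClassName(rawClassName);
  return '<h2>Currently Creating ' + escapeHtml(count) + ' ' +
    escapeHtml(className) + ' instances</h2>';
}

// Constructed sample inputs: one well-formed pair, one carrying markup.
const samples = [
  ['50', 'dijit.form.TextBox'],
  ['50<script>', 'dijit.form.Button</h2><img src=x onerror=alert(1)>'],
];
for (const [c, k] of samples) console.log(headingMarkup(c, k));
```

In the page itself, creating the `h2` element and assigning its `textContent` avoids building markup from these values at all.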
Cross site scripting error