-
Frédéric Buclin authored
Bug 619588: (CVE-2010-4567) [SECURITY] Safety checks that disallow clicking for javascript: or data: URLs in the URL field can be evaded with prefixed whitespace and Bug 628034: (CVE-2011-0048) [SECURITY] For not-logged-in users, the URL field doesn't safeguard against javascript: or data: URLs r=dkl a=LpSolit
9244270a
| Name |
Last commit
|
Last update |
|---|---|---|
| .. | ||
| account | ||
| admin | ||
| attachment | ||
| bug | ||
| extensions | ||
| flag | ||
| global | ||
| list | ||
| pages | ||
| reports | ||
| request | ||
| search | ||
| setup | ||
| whine | ||
| config.js.tmpl | ||
| config.rdf.tmpl | ||
| filterexceptions.pl | ||
| index.html.tmpl | ||
| welcome-admin.html.tmpl |