template/en/default/attachment · 95b919c0b6b731d16e92dd748e654cefeba0bd32 · etersoft / bugzilla

Bug 619588: (CVE-2010-4567) [SECURITY] Safety checks that disallow clicking for… · 9244270a

authored Jan 24, 2011

Bug 619588: (CVE-2010-4567) [SECURITY] Safety checks that disallow clicking for javascript: or data: URLs in the URL field can be evaded with prefixed whitespace

and

Bug 628034: (CVE-2011-0048) [SECURITY] For not-logged-in users, the URL field doesn't safeguard against javascript: or data: URLs

r=dkl a=LpSolit

9244270a

Name	Last commit	Last update
..
cancel-create-dupe.html.tmpl		Loading commit data...
choose.html.tmpl		Loading commit data...
confirm-delete.html.tmpl		Loading commit data...
create.html.tmpl		Loading commit data...
created.html.tmpl		Loading commit data...
createformcontents.html.tmpl		Loading commit data...
delete_reason.txt.tmpl		Loading commit data...
diff-file.html.tmpl		Loading commit data...
diff-footer.html.tmpl		Loading commit data...
diff-header.html.tmpl		Loading commit data...
edit.html.tmpl		Loading commit data...
list.html.tmpl		Loading commit data...
midair.html.tmpl		Loading commit data...
show-multiple.html.tmpl		Loading commit data...
updated.html.tmpl		Loading commit data...