vcs.fsf.org Git - KiwiIRC.git/commit

author	Jack Allnutt <m2ys4u@Gmail.com>
	Sat, 27 Oct 2012 08:10:31 +0000 (09:10 +0100)
committer	Darren <darren@darrenwhitlen.com>
	Sat, 27 Oct 2012 15:53:08 +0000 (16:53 +0100)
commit	a86e450a1a12bdffe9ce6d5c9b09d94df9a32931
tree	9209e3351e07d3296637c882b1dce23c9909d394	tree \| snapshot (zip tar.gz)
parent	7c7590eec122a0ee1bdd4d92d0ed28c2d2f76047	commit \| diff

SECURITY FIX: Kiwi is vulnerable to XSS attack due to unsanitised topic text. Issue #103

Changes the topic bar from an <input> to a <div contenteditable=true/>.

Also now uses Underscore's escape() method rather than .html().text() jQuery hack.

client/assets/css/style.css		diff \| blob \| blame \| history
client/assets/dev/view.js		diff \| blob \| blame \| history
client/index.html		diff \| blob \| blame \| history

RSS Atom