projects / KiwiIRC.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3634425) | patch
Patching XSS vulnerability
authorPseudochu <pseudochu@gmail.com>
Fri, 13 Jun 2014 17:08:20 +0000 (20:08 +0300)
committerPseudochu <pseudochu@gmail.com>
Fri, 13 Jun 2014 17:08:20 +0000 (20:08 +0300)
commitc67de46d6cee08f10d65984746fe5a153f02bd27
treee11c2a3a6e100c38dc2eab3d608e7177f2d5d535tree | snapshot (zip tar.gz)
parent363442577c6fb03962ef3f944983535e113f450dcommit | diff
Patching XSS vulnerability

The following message produces a clickable link that triggers JavaScript when clicked (pre-patch):
javascript://www.google.com/?%0Aalert(0);

Patch was designed to prevent this while maintaining support for arbitrary link protocols.
client/src/views/channel.js diff | blob | blame | history