vcs.fsf.org Git - KiwiIRC.git/commit

author	Jack Allnutt <m2ys4u@Gmail.com>
	Sat, 27 Oct 2012 08:10:31 +0000 (09:10 +0100)
committer	Darren <darren@darrenwhitlen.com>
	Sat, 27 Oct 2012 12:09:46 +0000 (13:09 +0100)
commit	cee337bb57e62637ff0dc0a4a645d792a8755aa7
tree	ea2965a1f2be32e7ec16700ddabae1c0f210a8dd	tree \| snapshot (zip tar.gz)
parent	c6e3ed448dbdf7f1e6bc7810c27ea5086df74b7e	commit \| diff

SECURITY FIX: Kiwi is vulnerable to XSS attack due to unsanitised topic text. Issue #103

Changes the topic bar from an <input> to a <div contenteditable=true/>.

Also now uses Underscore's escape() method rather than .html().text() jQuery hack.

client/assets/css/style.css		diff \| blob \| blame \| history
client/assets/dev/view.js		diff \| blob \| blame \| history
client/index.html		diff \| blob \| blame \| history

RSS Atom