vcs.fsf.org Git - KiwiIRC.git/commit

author	Jack Allnutt <m2ys4u@Gmail.com>
	Sat, 27 Oct 2012 08:10:31 +0000 (09:10 +0100)
committer	Jack Allnutt <m2ys4u@Gmail.com>
	Sat, 27 Oct 2012 08:10:31 +0000 (09:10 +0100)
commit	e97816cf810f1ccc57d5f67697379eaeead8ce2b
tree	dca0f8b01bcac66942fa75a06c036f61e17e39c0	tree \| snapshot (zip tar.gz)
parent	28a333fbdb981a0406eb21610fa43d9b77f732d9	commit \| diff

SECURITY FIX: Kiwi is vulnerable to XSS attack due to unsanitised topic text. Issue #103

Changes the topic bar from an <input> to a <div contenteditable=true/>.

Also now uses Underscore's escape() method rather than .html().text() jQuery hack.

client/assets/css/style.css		diff \| blob \| blame \| history
client/assets/dev/view.js		diff \| blob \| blame \| history
client/index.html		diff \| blob \| blame \| history

RSS Atom