projects / squirrelmail.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f258865) | patch
Security: fixes for the HTML filter to counter further XSS exploits:
authorkink <kink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Wed, 9 May 2007 14:01:13 +0000 (14:01 +0000)
committerkink <kink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Wed, 9 May 2007 14:01:13 +0000 (14:01 +0000)
commit567dc5244e08bf50998e3ac590c64674b72de53d
tree473e9137020d7c026e2a86dd9c098a5eccdb58cctree | snapshot (zip tar.gz)
parentf258865ca7ffb4f19de9f6c656ba64748d1e6072commit | diff
Security: fixes for the HTML filter to counter further XSS exploits:
HTML attachments containing 'data:' URLs, Internet Explorer-specifc
charset conversion exploits, and request forgery through included
images. Thanks to Mikhail Markin, Tomas Kuliavas and Michael Jordon
for reporting these issues. [CVE-2007-1262]

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@12371 7612ce4b-ef26-0410-bec9-ea0150e637f0
ChangeLog diff | blob | blame | history
functions/mime.php diff | blob | blame | history
src/compose.php diff | blob | blame | history
src/view_text.php diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.