HomePhabricator

(bug 42202) Validate preference values in action=options
385342c6aea9Unpublished

Unpublished Commit · Learn More

Repository Importing: This repository is still importing.

Description

(bug 42202) Validate preference values in action=options

Previously, there was no validation whatsoever and the module would
happily write any preference you asked it to. This, combined with the
fact that the code using the 'editfont' preference didn't perform any
validation or escaping, led to a CSS injection vulnerability.

Change-Id: I3da32a2110b6f782ae1a62b0624c3d71af528fa2

Details

Provenance
CatropeAuthored on
csteippCommitted on Nov 30 2012, 1:22 AM
Parents
rMW6790a0ce962f: (bug 42202) Validate editfont before embedding it in CSS
Branches
Unknown
Tags
Unknown
ChangeId
I3da32a2110b6f782ae1a62b0624c3d71af528fa2