SECURITY: Don't execute another user's CSS or JS on preview

Description

SECURITY: Don't execute another user's CSS or JS on preview

Someone could theoretically try to hide malicious code in their user
common.js and then trick an admin into previewing it by asking for help.

Bug: T85855
Change-Id: I5a7a75306695859df5d848f6105b81bea0098f0a

Details

Provenance
Anomie Authored on
csteipp Committed on Mar 30 2015, 8:34 PM
Parents
rMW2c0c29224bb1: SECURITY: Set maximal password length for DoS
Branches
Unknown
Tags
Unknown
ChangeId
I5a7a75306695859df5d848f6105b81bea0098f0a