SECURITY: Don't execute another user's CSS or JS on preview

Description

Someone could theoretically try to hide malicious code in their user
common.js and then trick an admin into previewing it by asking for help.

Bug: T85855
Change-Id: I5a7a75306695859df5d848f6105b81bea0098f0a

Details

Provenance
Anomie Authored on
csteipp Committed on Apr 1 2015, 4:55 PM
Parents
rMW63cf33d8252e: SECURITY: Set maximal password length for DoS
Branches
Unknown
Tags
Unknown
ChangeId
I5a7a75306695859df5d848f6105b81bea0098f0a
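The ownership rule named in the commit title, as an added example that is not the code from this commit: a preview may execute a per-user script or stylesheet only when the viewer owns the page, and everyone else, administrators included, gets the source rendered as text. The title shape `User:<name>/<page>.js|.css`, the function names and the sample data are assumptions made for this illustration.

```python
import re

# Assumed title shape for per-user script/style pages (not taken from the commit):
#   "User:<name>/<page>.js" or "User:<name>/<page>.css"
USER_ASSET = re.compile(r"^user:([^/]+)/.+\.(js|css)$", re.IGNORECASE)


def normalize(name):
    """Treat underscores as spaces and collapse runs of whitespace."""
    return " ".join(name.replace("_", " ").split())


def asset_owner(title):
    """Return the owning user name of a per-user JS/CSS page, or None."""
    m = USER_ASSET.match(normalize(title))
    return m.group(1).strip() if m else None


def preview_mode(title, viewer):
    """Decide how a preview of `title` is handled for `viewer`.

    'execute'        - viewer owns the page, so the previewed code may run
    'source-only'    - someone else's code: show it as text, never run it
    'not-user-asset' - not a per-user JS/CSS page, rule does not apply
    """
    owner = asset_owner(title)
    if owner is None:
        return "not-user-asset"
    # Compare the whole owner segment. A prefix test such as
    # title.startswith("User:" + viewer) would treat "User:Alice2/..."
    # as belonging to "Alice".
    if viewer is not None and normalize(viewer) == owner:
        return "execute"
    return "source-only"


# Constructed sample requests: (page being previewed, logged-in viewer)
SAMPLES = [
    ("User:Alice/common.js", "Alice"),
    ("User:Mallory/common.js", "AdminBob"),
    ("User:Alice2/common.js", "Alice"),
    ("User:Alice_Smith/common.css", "Alice Smith"),
    ("Main_Page", "Alice"),
]

if __name__ == "__main__":
    for title, viewer in SAMPLES:
        print(f"{title!r} previewed by {viewer!r}: {preview_mode(title, viewer)}")
```
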