[Rabbit-dev] cross-site-scripting vulnerability
Jeff Adamson
jwa at urbancode.com
Thu Feb 25 22:19:26 CET 2010
Couple quick questions:
1) is there a public (readonly) source repository for this or is it just
available as individual tar.gz downloads?
2) src/rabbit/proxy/StandardResponseHeaders:148 needs to escape/encode the
url. Currently this is a
http://en.wikipedia.org/wiki/Cross-site_scripting#Non-persistent vulnerability.
This appears to be present in both the 3.x and 4.x series up
through the current one release.
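
Added example, not part of the original message and not Rabbit's code: a sketch of the escaping the report asks for, assuming the proxy writes the requested URL into an HTML error page. The class name, method names, page text and sample URLs are all hypothetical.

```java
// Added illustration; names and page layout are assumptions, not Rabbit's source.
public class ErrorPageEscaping {

    // Encode the five characters that can change the HTML parsing context.
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }

    // Before: the request URL is concatenated into the page unmodified.
    static String errorPageUnescaped(String url) {
        return "<html><body><h1>400 Bad Request</h1><p>Could not fetch: "
                + url + "</p></body></html>";
    }

    // After: the URL is HTML-encoded at the point of output.
    static String errorPageEscaped(String url) {
        return "<html><body><h1>400 Bad Request</h1><p>Could not fetch: "
                + escapeHtml(url) + "</p></body></html>";
    }

    public static void main(String[] args) {
        // Constructed sample inputs: an ordinary URL and one carrying markup.
        String[] samples = {
            "http://example.com/index.html?a=1&b=2",
            "http://example.com/<b>x</b>\"'"
        };
        for (String url : samples) {
            System.out.println("unescaped: " + errorPageUnescaped(url));
            System.out.println("escaped:   " + errorPageEscaped(url));
            // Check: no raw angle bracket from the URL survives encoding.
            String body = escapeHtml(url);
            if (body.indexOf('<') >= 0 || body.indexOf('>') >= 0)
                throw new AssertionError("markup survived escaping");
        }
    }
}
```

Encoding at the point of output keeps the stored and forwarded URL unchanged, so only the rendered page is affected.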