[ https://issues.apache.org/jira/browse/COUCHDB-1275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13213814#comment-13213814 ] 

Sam Bisbee commented on COUCHDB-1275:
-------------------------------------

Ah! Gotcha. :) Yeah, that crossed over into CSRF territory for me.
                
> Futon's recent database list doesn't decode slashes in database names
> ---------------------------------------------------------------------
>
>                 Key: COUCHDB-1275
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-1275
>             Project: CouchDB
>          Issue Type: Bug
>          Components: Futon
>    Affects Versions: 1.1
>            Reporter: Jan Lehnardt
>            Priority: Minor
>
> Create a database with a slash in it, futon will go to the database view automatically and add it to the recent databases list. the list will display the encoded %2f instead of the /
> Here's a quick fix: http://friendpaste.com/1WORPAfSY5MUyoisaAQtZB
> I tested it for XSS but I may have overlooked something and I'd appreciate a review.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira