couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ksnavely <...@git.apache.org>
Subject [GitHub] couchdb pull request: Use <%- when interpolating XSS targets
Date Thu, 01 May 2014 19:18:20 GMT
GitHub user ksnavely opened a pull request:

    https://github.com/apache/couchdb/pull/219

    Use <%- when interpolating XSS targets

    See the JIRA: https://issues.apache.org/jira/browse/COUCHDB-2232

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/ksnavely/couchdb 30460-XSS-substitutions

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/couchdb/pull/219.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #219
    
----
commit 5e63892323139c62fbb9194d3f287fb8e829f1cb
Author: Kyle Snavely <ksnavely@cloudant.com>
Date:   2014-05-01T15:57:42Z

    Use <%- when interpolating XSS targets
    
      - I tried to not be super heavy handed, only using <%- for values that
        could be set with XSS payloads or otherwise come from a user/data.

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message