HomePhabricator

Fix for XSS issue in bug 66608

Description

Fix for XSS issue in bug 66608

Generate the URL used for loading a new page in Javascript,
instead of relying on the URL in the link that has been clicked
(as that could have been crafted by an attacker).

Bug: 66608
Change-Id: I19e2bf3af017a37c35cbadce9a70194aac693f33

Details

Provenance
TgrAuthored on
MglaserCommitted on Jul 30 2014, 6:26 PM
Parents
rMWfe32899523cf: SECURITY: Prepend jsonp callback with comment
Branches
Unknown
Tags
Unknown
ChangeId
I19e2bf3af017a37c35cbadce9a70194aac693f33