[FFmpeg-devel] [PATCH] fateserver/history: escape untrusted data

Michael Niedermayer michaelni at gmx.at
Mon Mar 3 03:43:57 CET 2014

On Sun, Mar 02, 2014 at 02:59:43PM -0800, Timothy Gu wrote:
> Fixes Cross-Site Script with:
> http://fate.ffmpeg.org/history.cgi?slot="><script>alert(1)</script>
> or equivalent.
> Signed-off-by: Timothy Gu <timothygu99 at gmail.com>
> ---
> HTML::Entities is already used in report.cgi so no new dependency is
> needed.



Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Complexity theory is the science of finding the exact solution to an
approximation. Benchmarking OTOH is finding an approximation of the exact
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20140303/066bb5c7/attachment.asc>

More information about the ffmpeg-devel mailing list