Fix XSS reported on Security list...
Fix XSS reported on Security list
No CVE-ID yet
August 18, 2015
-----
Reported to Quantopian by Juan Broullón <thebrowfc@gmail.com>...
If you create a new folder in the iPython file browser and set
Javascript code as its name the code injected will be executed. So, if I
create a folder called "><img src=x onerror=alert(document.cookie)> and
then I access to it, the cookies will be prompted.
The XSS code is also executed if you access a link pointing directly at
the folder.
jik
------
