- Use '/' key to quickly access this field.
- Enter a name of repository, or repository group for quick search.
- Prefix query to allow special search:
user:admin, to search for usernames, always global
user_group:devops, to search for user groups, always global
pr:303, to search for pull request number, title, or description, always global
commit:efced4, to search for commits, scoped to repositories or groups
file:models.py, to search for file paths, scoped to repositories or groups
For advanced full text search visit: repository search
Fix XSS reported on Security list
No CVE-ID yet
August 18, 2015
-----
Reported to Quantopian by Juan Broullón <thebrowfc@gmail.com>...
If you create a new folder in the iPython file browser and set
Javascript code as its name the code injected will be executed. So, if I
create a folder called "><img src=x onerror=alert(document.cookie)> and
then I access to it, the cookies will be prompted.
The XSS code is also executed if you access a link pointing directly at
the folder.
jik
------
