##// END OF EJS Templates
Fix XSS reported on Security list...
Fix XSS reported on Security list No CVE-ID yet August 18, 2015 ----- Reported to Quantopian by Juan Broullón <thebrowfc@gmail.com>... If you create a new folder in the iPython file browser and set Javascript code as its name the code injected will be executed. So, if I create a folder called "><img src=x onerror=alert(document.cookie)> and then I access to it, the cookies will be prompted. The XSS code is also executed if you access a link pointing directly at the folder. jik ------
Matthias Bussonnier -
r21633:3ab41641
Show More
Name Size Modified Last Commit Author
/ IPython / testing
plugin
tests
__init__.py Loading ...
__main__.py Loading ...
decorators.py Loading ...
globalipapp.py Loading ...
iptest.py Loading ...
iptestcontroller.py Loading ...
ipunittest.py Loading ...
skipdoctest.py Loading ...
tools.py Loading ...