Fix XSS reported on Security list...
Fix XSS reported on Security list

No CVE-ID yet

August 18, 2015
-----
Reported to Quantopian by Juan Broullón <thebrowfc@gmail.com>...

If you create a new folder in the iPython file browser and set Javascript code as its name the code injected will be executed. So, if I create a folder called "><img src=x onerror=alert(document.cookie)> and then I access to it, the cookies will be prompted.

The XSS code is also executed if you access a link pointing directly at the folder.

jik
------
Matthias Bussonnier -
r21633:3ab41641
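
The report above describes a folder name reaching the page markup unencoded. The following is an added example, not code from this commit or from IPython: a hypothetical breadcrumb renderer (the function names and the `/tree/` URL prefix are assumptions) shown once with the name pasted in as-is and once with each value encoded for the context it lands in, then checked with the standard-library HTML parser.

```python
import html
from html.parser import HTMLParser
from urllib.parse import quote

# Constructed input: the folder name quoted in the report above.
REPORTED_NAME = '"><img src=x onerror=alert(document.cookie)>'

def render_unsafe(parts):
    """Hypothetical vulnerable renderer: folder names are pasted into markup as-is."""
    items = []
    for i, name in enumerate(parts):
        href = "/tree/" + "/".join(parts[:i + 1])
        items.append('<li><a href="%s">%s</a></li>' % (href, name))
    return "<ul>%s</ul>" % "".join(items)

def render_safe(parts):
    """Same markup, with each value encoded for the context it lands in."""
    items = []
    for i, name in enumerate(parts):
        # URL context: percent-encode every segment (safe="" also encodes "/").
        href = "/tree/" + "/".join(quote(p, safe="") for p in parts[:i + 1])
        # HTML attribute and text contexts: escape & < > and both quote characters.
        items.append('<li><a href="%s">%s</a></li>'
                     % (html.escape(href, quote=True), html.escape(name, quote=True)))
    return "<ul>%s</ul>" % "".join(items)

class _Collector(HTMLParser):
    """Records event-handler attributes and text as an HTML parser sees them."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.handlers, self.text = [], []
    def handle_starttag(self, tag, attrs):
        self.handlers += [(tag, k) for k, _ in attrs if k.startswith("on")]
    def handle_data(self, data):
        self.text.append(data)

def parse_view(markup):
    """Return (event-handler attributes found, concatenated text content)."""
    c = _Collector()
    c.feed(markup)
    c.close()
    return c.handlers, "".join(c.text)

if __name__ == "__main__":
    for render in (render_unsafe, render_safe):
        print(render.__name__, parse_view(render([REPORTED_NAME])))
```

In the encoded version the parser finds no event-handler attributes, and the text it recovers is the folder name exactly as it was created, so the name still displays correctly.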

Documenting What's New

When making a new pull request that either adds a new feature, or makes a
backwards-incompatible change to IPython, please add a new .rst file in this
directory documenting this change as a part of your Pull Request.

This will allow multiple Pull Requests to do the same without conflicting with
one another. Periodically, IPython developers with commit rights will run a
script and populate development.rst
with the contents of this directory, and clean it up.

Files which describe new features can have any name, such as
antigravity-feature.rst, whereas backwards incompatible changes must
have a filename starting with incompat-, such as
incompat-switching-to-perl.rst. Our "What's new" files always have two
sections, and this prefix scheme will make sure that the backwards incompatible
changes get routed to their proper section.

To merge these files into :file:`whatsnew/development.rst`, run the script :file:`tools/update_whatsnew.py`.