I uploaded a file named: "><a href="">test After the second time I uploaded it I refreshed the page and the markup was broken. I don't have an XSS proof of concept, but I assume it's in there.
Comment on attachment 511308 [details] [diff] [review] example file bugzilla renamed this file (good work, bugzilla) so I can't give it as an example.
fixed in master https://github.com/mozilla/FlightDeck/commit/74835d1aee690d24dc07178a8eb264593980da1f
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.