Status

P1
normal
RESOLVED FIXED
8 years ago
4 years ago

People

(Reporter: clouserw, Assigned: smcarthur)

Tracking

({wsec-xss})

unspecified
Builder 0.9
wsec-xss

Details

(Whiteboard: [ftw])

Attachments

(1 obsolete attachment)

(Reporter)

Description

8 years ago
I uploaded a file named:

  "><a href="">test

After the second time I uploaded it I refreshed the page and the markup was broken.  I don't have an XSS proof of concept, but I assume it's in there.
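The report above comes down to a filename reaching the page without attribute escaping. The following regression check is an added example, not FlightDeck's code or the fix from the linked commit; the `<li><input value="...">` template and the function names are assumptions made for illustration. It renders the reported filename both ways and uses an HTML parser to confirm whether the name stays inside its attribute.

```python
from html import escape
from html.parser import HTMLParser

# Filename taken from the bug description.
REPORTED_FILENAME = '"><a href="">test'

# Hypothetical template, not FlightDeck's real markup.
TEMPLATE = '<li><input type="text" value="%s"></li>'


def render_unsafe(name):
    """Interpolate the filename verbatim (the behaviour the report describes)."""
    return TEMPLATE % name


def render_safe(name):
    """Escape &, <, > and both quote characters before interpolation."""
    return TEMPLATE % escape(name, quote=True)


class TagCollector(HTMLParser):
    """Record every start tag and its attributes as the parser sees them."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def parse_tags(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


def filename_is_contained(markup, name):
    """True when the markup holds only the template's own elements and the
    attribute value decodes back to the exact filename."""
    tags = parse_tags(markup)
    names = [tag for tag, _ in tags]
    return names == ["li", "input"] and tags[1][1].get("value") == name


if __name__ == "__main__":
    for render in (render_unsafe, render_safe):
        markup = render(REPORTED_FILENAME)
        print(render.__name__, filename_is_contained(markup, REPORTED_FILENAME))
```

A check of this shape can run in a test suite against any view that echoes user-supplied filenames.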
(Reporter)

Comment 1

8 years ago
Created attachment 511308
example file
(Reporter)

Comment 2

8 years ago
Comment on attachment 511308
example file

Bugzilla renamed this file (good work, Bugzilla), so I can't give it as an example.
Attachment #511308 - Attachment filename: blah
Attachment #511308 - Attachment is obsolete: true
(Assignee)

Updated

8 years ago
Priority: -- → P1
Whiteboard: [ftw]
(Assignee)

Comment 3

8 years ago
Fixed in master:

https://github.com/mozilla/FlightDeck/commit/74835d1aee690d24dc07178a8eb264593980da1f
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
Adding keywords to bugs for metrics, no action required.  Sorry about bugmail spam.
Keywords: wsec-xss
Product: addons.mozilla.org → addons.mozilla.org Graveyard