Kuma: RSS - Attempted XSS can cause funky output in RSS feed

RESOLVED WONTFIX

Status

P3
normal
RESOLVED WONTFIX
6 years ago
3 months ago

People

(Reporter: sheppy, Unassigned)

Tracking

({in-triage, wsec-xss})

Details

(Reporter)

Description

6 years ago
Attempts at XSS (such as a title of "User:x002'>"><img src=x onerror=alert(1)>") can cause completely borked output in the RSS feed of changes.
Could be HTML in general.
Priority: -- → P2
(Assignee)

Updated

6 years ago
Version: Kuma → unspecified
(Assignee)

Updated

6 years ago
Component: Website → Landing pages
Product: Mozilla Developer Network → Mozilla Developer Network
Component: Landing pages → Design / user experience
Adding keywords to bugs for metrics, no action required.  Sorry about bugmail spam.
Keywords: wsec-xss

Updated

5 years ago
Component: Design / user experience → General
Is this still happening, sheppy?
Component: General → Security
Flags: needinfo?(eshepherd)
Priority: P2 → P3
Wontfix until someone comes up with a reasonable example.
Status: NEW → RESOLVED
Last Resolved: 3 months ago
Flags: needinfo?(eshepherd)
Keywords: in-triage
Resolution: --- → WONTFIX