Closed
Bug 826891
Opened 12 years ago
Closed 11 years ago
alert() is fired on demo page
Categories
(developer.mozilla.org Graveyard :: Demo Studio / Dev Derby, defect)
developer.mozilla.org Graveyard
Demo Studio / Dev Derby
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 828631
People
(Reporter: stephend, Unassigned)
References
()
Details
(Whiteboard: [site:developer.allizom.org])
Attachments
(1 file)
|
1.36 MB,
image/png
|
Details |
Screenshot showing potential XSS alert() issue
https://developer.allizom.org/en-US/demos/detail/img-srcx-onerrorconfirm3/launch alert()s a "1" integer -- not sure if it should, or not.
|
Reporter | |
Updated•12 years ago
|
|
|
Reporter | |
Comment 1•12 years ago
|
||
cc:ing Mario, because this is his content.
|
||
Comment 2•12 years ago
|
||
That's caused because of the "demo" sent has a html that is showed as origin https://developer.allizom.org. So that can result in persistent xss (In reply to Stephen Donner [:stephend] from comment #1) > cc:ing Mario, because this is his content.
|
|
||
Comment 3•11 years ago
|
||
I have filed the bug 828631 with more informations and pocs. Please close this as duplicate of bug 828631. Thanks!
|
||
Updated•11 years ago
|
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
|
||
Updated•11 years ago
|
Whiteboard: [site:developer.allizom.org]
|
||
Comment 5•8 years ago
|
||
For bugs that are resolved, we remove the security flag. These haven't had their flag removed, so I'm removing it now.
Group: websites-security
|
||
Updated•4 years ago
|
Product: developer.mozilla.org → developer.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•