problem

What was completely forgotten when implementing ~~TRANSLATE-283~~ was the possibility that filenames (workfiles / reference files / etc. pp) are also vulnerable for PXSS attacks.

First we need a concept how to fix that, the concept can then go into a new t5dev issue. The issue should be converted into a TRANSLATE-issue right before release, so that we do not publish about security issues before release.

Attachments

Issue Links

relates to

TRANSLATE-3960 Test PXSS in all input fields of the application

Done

Activity

Loading...

Details

Type: Task
Resolution: Fixed
Fix Version/s: translate5 - 7.6.0
Affects Version/s: None
Component/s: Import/Export

Urgency:
Critical
ChangeLog Description:
Fixed XSS issues in filenames
URL to task or project:
https://jira.translate5.net/browse/T5DEV-300
Checklist:

Empty

show more show less

Description

problem

What was completely forgotten when implementing ~~TRANSLATE-283~~ was the possibility that filenames (workfiles / reference files / etc. pp) are also vulnerable for PXSS attacks.

First we need a concept how to fix that, the concept can then go into a new t5dev issue. The issue should be converted into a TRANSLATE-issue right before release, so that we do not publish about security issues before release.

Attachments

Issue Links

relates to

TRANSLATE-3960 Test PXSS in all input fields of the application

Done

Activity

People

Assignee:: Sanya Mikhliaiev

Reporter:: Thomas Lauria

Peer developer:: Thomas Lauria

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 21/Nov/2023 03:28

Updated:: 19/Jun/2024 04:48

Resolved:: 29/Jan/2024 12:47

Prevent PXSS in filenames

Details

Description

problem

Attachments

Issue Links

Activity

Prevent PXSS in filenames

Details

Description

problem

Attachments

Issue Links

Activity

People

Dates

People

Dates