Details

    Description

      problem

      What was completely forgotten when implementing TRANSLATE-283 was the possibility that filenames (workfiles / reference files / etc. pp) are also vulnerable for PXSS attacks.

      First we need a concept how to fix that, the concept can then go into a new t5dev issue. The issue should be converted into a TRANSLATE-issue right before release, so that we do not publish about security issues before release.

      Attachments

        Issue Links

          Activity

            Loading...

            Details

              Description

                problem

                What was completely forgotten when implementing TRANSLATE-283 was the possibility that filenames (workfiles / reference files / etc. pp) are also vulnerable for PXSS attacks.

                First we need a concept how to fix that, the concept can then go into a new t5dev issue. The issue should be converted into a TRANSLATE-issue right before release, so that we do not publish about security issues before release.

                Attachments

                  Issue Links

                    Activity

                      People

                        sanya@mittagqi.com Sanya Mikhliaiev
                        tlauria Thomas Lauria
                        Thomas Lauria
                        Votes:
                        0 Vote for this issue
                        Watchers:
                        2 Start watching this issue

                        Dates

                          Created:
                          Updated:
                          Resolved:

                          People

                            sanya@mittagqi.com Sanya Mikhliaiev
                            tlauria Thomas Lauria
                            Thomas Lauria
                            Votes:
                            0 Vote for this issue
                            Watchers:
                            2 Start watching this issue

                            Dates

                              Created:
                              Updated:
                              Resolved: