[Issue 17391] SECURITY: XSS through DDOC comments
via Digitalmars-d-bugs
digitalmars-d-bugs at puremagic.com
Wed May 10 14:55:21 PDT 2017
https://issues.dlang.org/show_bug.cgi?id=17391
--- Comment #5 from Vladimir Panteleev <thecybershadow at gmail.com> ---
(In reply to Cédric Picard from comment #4)
> Not at all; while what you describe is the most common case, there are many
> things that are possible through XSS that do not target the current domain.
Could you provide some examples which would be applicable to us?
> Given how DDOC
> works I don't think it is fixable at all if not dropping all support for
> inlined HTML, which I didn't realize was an issue at the time.
>
> I suppose it's a won't fix, at least a bug report will be there for the next
> person to discover this.
Yep, I think documenting this is the immediate fix.