DOM injection vulnerability in NoteBox.expand_macro()
| Reported by: | Alex Willmer | Owned by: | Ryan J Ollos |
| Cc: | Ryan J Ollos | Trac Release: | 0.11 |
Attached is a patch that removes the use of StringIO and should make the macro safe for use.
Change History (4)
comment:1 Changed 5 years ago by
| Owner: | changed from gruenebe to Ryan J Ollos |
| Status: | new → assigned |