[openstreetmap-website] Create a block on a user with a particular combination of chevrons in name, JS in name executes. (#1027)
SomeoneElseOSM
notifications at github.com
Fri Aug 7 13:21:08 UTC 2015
I recently created block https://www.openstreetmap.org/user_blocks/777
As the block was created the "onerror=alert(1)" in the name fired.
---
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/1027
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20150807/9d6ae09c/attachment.html>
More information about the rails-dev
mailing list