[OpenStreetMap] #5436: without javascript the message preview button sends the message
OpenStreetMap
trac at noreply.openstreetmap.org
Wed Nov 30 21:00:29 UTC 2016
#5436: without javascript the message preview button sends the message
----------------------------------+-------------------------
Reporter: aseerel4c26 | Owner: rails-dev@…
Type: defect | Status: new
Priority: minor | Milestone:
Component: website | Version:
Keywords: UI messaging privacy |
----------------------------------+-------------------------
0. Use Firefox with JavaScript disabled
1. On https://www.openstreetmap.org/message/new/$whateverusernamehere
2. type in a subject and message.
3. Click "preview"
Actual: sends the message.
Expected: preview is shown or nothing happens
This could lead to unintended disclosure of private details or at least
half-finished messages being sent.
Thank you!
--
Ticket URL: <https://trac.openstreetmap.org/ticket/5436>
OpenStreetMap <http://www.openstreetmap.org/>
OpenStreetMap is a free editable map of the whole world