[Webkit-unassigned] [Bug 52747] [reviewtool] Add a link for annotated trac page on review page
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Jan 19 18:41:42 PST 2011
https://bugs.webkit.org/show_bug.cgi?id=52747
Adam Barth <abarth at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #79524|review? |review-
Flag| |
--- Comment #4 from Adam Barth <abarth at webkit.org> 2011-01-19 18:41:42 PST ---
(From update of attachment 79524)
View in context: https://bugs.webkit.org/attachment.cgi?id=79524&action=review
Screenshot? :)
> Websites/bugs.webkit.org/code-review.js:346
> + function tracLinksHtml(file_name, url_hash) {
> + return '<a href="http://trac.webkit.org/browser/trunk/' + file_name + '?annotate=blame' + url_hash + '" target="_blank">annotate</a>' +
> + '<a href="http://trac.webkit.org/log/trunk/' + file_name + '" target="_blank">revision log</a>';
> + }
You haz the XSS. file_name isn't trusted! Please use the DOM to construct these links.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list