On Apr 3, 2017, at 11:15 AM, Eduard <eduard.c.dumitre...@gmail.com> wrote:
>
> Evil-user then convinces
> good-user to visit evilproject while logged into goodproject

Ah, I see. Yes, I agree now.

>>> (Another way to fix it is by giving each repository a separate subdomain
>>
>> ...run as a chroot or jail, which would mitigate most of the problems you
>> bring up, if not all.
>
> Sorry, by "it" in "Another way to fix it" I meant the XSS vulnerability.

Yes, I’m just giving another way to solve the problem, until the ones you want solved get some developer attention. Running these repos in individual jails or chroots is a good idea anyway.

_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users