On Apr 3, 2017, at 11:15 AM, Eduard <eduard.c.dumitre...@gmail.com> wrote:
> 
> Evil-user then convinces
> good-user to visit evilproject while logged into goodproject

Ah, I see.  Yes, I agree now.

>>> (Another way to fix it is by giving each repository a separate subdomain
>> 
>> ...run as a chroot or jail, which would mitigate most of the problems you 
>> bring up, if not all.
> 
> Sorry, by "it" in "Another way to fix it" I meant the XSS vulnerability.

Yes, I’m just giving another way to solve the problem, until the ones you want 
solved get some developer attention.

Running these repos in individual jails or chroots is a good idea anyway.
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
