[
https://issues.apache.org/jira/browse/COUCHDB-1275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13212891#comment-13212891
]
Sam Bisbee commented on COUCHDB-1275:
-------------------------------------
Looks good to me.
Also, we aren't open to a lot of the XSS attacks due to our db naming
restrictions. That plus who you allow to create databases are the real safe
guards.
> Futon's recent database list doesn't decode slashes in database names
> ---------------------------------------------------------------------
>
> Key: COUCHDB-1275
> URL: https://issues.apache.org/jira/browse/COUCHDB-1275
> Project: CouchDB
> Issue Type: Bug
> Components: Futon
> Affects Versions: 1.1
> Reporter: Jan Lehnardt
> Priority: Minor
>
> Create a database with a slash in it, futon will go to the database view
> automatically and add it to the recent databases list. the list will display
> the encoded %2f instead of the /
> Here's a quick fix: http://friendpaste.com/1WORPAfSY5MUyoisaAQtZB
> I tested it for XSS but I may have overlooked something and I'd appreciate a
> review.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
