Jusy fyi, Chrome blocks it with this message: This page isn’t working Chrome detected unusual code on this page and blocked it to protect your personal information (for example, passwords, phone numbers, and credit cards). Try visiting the site's homepage. ERR_BLOCKED_BY_XSS_AUDITOR
----- stephan Sent from a mobile device, possibly left-handed from bed. Please excuse brevity, typos, and top-posting. On Wed, Jun 6, 2018, 19:45 Kyle Shannon <k...@pobox.com> wrote: > On Wed, Jun 6, 2018 at 11:44 AM Richard Hipp <d...@sqlite.org> wrote: > > > > On 6/6/18, Kyle Shannon <k...@pobox.com> wrote: > > > Our security team found another XSS, shall I forward the link to the > list? > > > > Yes, please > > -- > > D. Richard Hipp > > d...@sqlite.org > > > https://www.fossil-scm.org/index.html/timeline?advm=0&chng=%3C/script%3E%3Cscript%3Ealert(150)%3C/script%3E&n=50&ss=c > > -- > Kyle > _______________________________________________ > fossil-dev mailing list > fossil-dev@mailinglists.sqlite.org > http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/fossil-dev > _______________________________________________ fossil-dev mailing list fossil-dev@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/fossil-dev
