Hi,

I just pushed out Werkzeug 0.8.3, which includes a security-relevant fix against a potential XSS problem with redirect pages. The HTML generated for redirect pages was not escaping the redirect target properly. On the upside: browsers are typically not rendering that HTML at all since the redirect happens directly, but if the status code is later changed to something like 200 it might be exploitable.
It's very unlikely that it will be a problem but you can never be sure enough.

Regards,
Armin
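The escaping problem described in the announcement above, shown as an added example that is not part of the original message and is not Werkzeug's own code. The template, function names and sample target are assumptions made for illustration; the check parses each body the way a browser would if the page were actually rendered.

```python
from html import escape
from html.parser import HTMLParser

# Hypothetical redirect-page template for illustration; not Werkzeug's source.
TEMPLATE = (
    "<!DOCTYPE html>\n"
    "<title>Redirecting...</title>\n"
    "<h1>Redirecting...</h1>\n"
    '<p>You should be redirected to <a href="{href}">{text}</a>.</p>'
)


def body_unescaped(location):
    """'Before' form: the target is interpolated into the HTML as-is."""
    return TEMPLATE.format(href=location, text=location)


def body_escaped(location):
    """Hardened form: the target is HTML-escaped in both contexts."""
    return TEMPLATE.format(href=escape(location, quote=True),
                           text=escape(location))


class _Structure(HTMLParser):
    """Records the elements and link targets a browser would see if the
    body were rendered (for example after the status is changed to 200)."""

    def __init__(self):
        super().__init__()
        self.tags, self.hrefs = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.hrefs += [value for name, value in attrs if name == "href"]


def structure(body):
    """Return (element names, href values) found in the given HTML body."""
    parser = _Structure()
    parser.feed(body)
    parser.close()
    return parser.tags, parser.hrefs


# Constructed target containing markup characters (a harmless <b> element).
SAMPLE = '/next?x="><b>injected</b>'

if __name__ == "__main__":
    print("unescaped:", structure(body_unescaped(SAMPLE)))
    print("escaped:  ", structure(body_escaped(SAMPLE)))
```

In the unescaped body the target closes the `href` attribute early and adds elements of its own; in the escaped body the page keeps its four elements and the link still points at the full target string.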
