#8839: comment in rating can be arbitrary code (e.g. js)
-------------------------------------------------+-------------------------
       Reporter:  aliajouz                       |        Owner:  aliajouz
           Type:  defect                         |       Status:  new
       Priority:  critical                       |    Milestone:
      Component:  notebook                       |   Resolution:
       Keywords:                                 |    Merged in:
        Authors:                                 |    Reviewers:
Report Upstream:  Reported upstream. Developers  |  Work issues:
  acknowledge bug.                               |       Commit:
         Branch:                                 |     Stopgaps:
   Dependencies:                                 |
-------------------------------------------------+-------------------------
Changes (by kcrisman):

 * priority:  major => critical
 * author:  ali ajouz =>
 * type:  enhancement => defect
 * upstream:  N/A => Reported upstream. Developers acknowledge bug.


Comment:

 Oh yeah, this is terrible!  Thank you for bringing this to our attention -
 definitely a security problem, though relatively minor since hardly anyone
 actually uses the ratings.

 https://github.com/sagemath/sagenb/issues/318

--
Ticket URL: <http://trac.sagemath.org/ticket/8839#comment:3>
Sage <http://www.sagemath.org>
Sage: Creating a Viable Open Source Alternative to Magma, Maple, Mathematica, 
and MATLAB
