Is this a variable in a template whose value is controlled by (always
untrusted) user-supplied input?
Maybe I've misread the vuln report?
Doesn't this apply to any website? I.e. a person can edit the HTML of any
page with developer tools and add code wherever.
AFAIU, Users can XSS themselves
Hey Victor,
I'm sending this reply to pydotorg-www@, since it is they who handle
updating the web site.
webmaster@ is a common destination for such queries, but all we can do is
what I've just done in most cases.
Kind regards,
Steve Holden
On Fri, Jan 10, 2020 at 5:03 PM Victor Stinner
