this is harmless: a user can xss themselves on deleting an ssh key
Bug #740160 reported by David
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Launchpad itself | Fix Released | Critical | Deryck Hodge | |
Bug Description
This is totally controlled / caused by the user... However, a bug is a bug so I am reporting this anyway.
A user needs to add an ssh key where the 'username' and the 'host' field are something like this:
'x<script>
and then delete the key.
When the key is deleted there is a dialogue telling the user that the key with $username @ $host has been deleted. In this message the username / host data is not escaped and so this is a potential (and harmless - it cannot alone be used to xss a random user and it is totally user triggered / involved) xss vector.
Related branches
lp://staging/~deryck/launchpad/xss-deleting-ssh-key-740160
- Brad Crittenden (community): Approve (code)
- Diff: 59 lines (+26/-5), 2 files modified
  - lib/lp/registry/browser/person.py (+1/-1)
  - lib/lp/registry/browser/tests/test_sshkey.py (+25/-4)
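The class of fix described in this report, as an added example that is not Launchpad's code or the contents of the branch above: a deletion notice built by plain interpolation next to one that escapes the key's fields, plus a parser-based check of the kind a regression test can assert on. The function names and the message template are assumptions made for the illustration.

```python
from html import escape
from html.parser import HTMLParser

# Hypothetical message template; the real wording is not shown on this page.
TEMPLATE = "<p>Key for <b>%s@%s</b> has been deleted.</p>"


def deletion_notice_unsafe(user, host):
    """'Before' form: the key's fields are interpolated into HTML as-is."""
    return TEMPLATE % (user, host)


def deletion_notice_escaped(user, host):
    """Hardened form: escape each untrusted field, keep the template markup."""
    return TEMPLATE % (escape(user, quote=True), escape(host, quote=True))


class _TagCollector(HTMLParser):
    """Records every element the HTML parser opens in a fragment."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def unexpected_tags(fragment, allowed=("p", "b")):
    """Return tags in the rendered notice that the template did not put there."""
    collector = _TagCollector()
    collector.feed(fragment)
    collector.close()
    return [tag for tag in collector.tags if tag not in allowed]


# Field value as it appears in the report, used for both username and host.
REPORTED_VALUE = "x<script>"

if __name__ == "__main__":
    for render in (deletion_notice_unsafe, deletion_notice_escaped):
        html = render(REPORTED_VALUE, REPORTED_VALUE)
        print(render.__name__, unexpected_tags(html), html)
```

Checking the parsed element list rather than searching for a literal string keeps the assertion valid if the message wording changes.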
Changed in launchpad:
status: New → Triaged
importance: Undecided → Low
Changed in launchpad:
status: Triaged → In Progress
assignee: nobody → Deryck Hodge (deryck)
tags: added: qa-ok; removed: qa-needstesting
Changed in launchpad:
status: Fix Committed → Fix Released
No such thing as harmless xss :)