XSS vulnerability in src/doc/not_found.md #24872

XMPPwocky · 2015-04-27T20:51:48Z

Example: (copy into browser; Github URL-encodes URLs, which breaks this)
http://doc.rust-lang.org/std/trait.Any.html#method.hullo"><img src="nope" onerror="alert('hi');">

Method name should be sanitized properly.

The text was updated successfully, but these errors were encountered:

Fixes #24872.

Fixes rust-lang#24872.

steveklabnik added I-wrong T-rustdoc Relevant to the rustdoc team, which will review and decide on the PR/issue. labels Apr 27, 2015

chris-morgan added a commit to chris-morgan/rust that referenced this issue Apr 28, 2015

Fix rust-lang#24872, XSS in docs not found page.

928bd4f

chris-morgan mentioned this issue Apr 28, 2015

Fix #24872, XSS in docs not found page. #24881

Merged

bors added a commit that referenced this issue Apr 28, 2015

Auto merge of #24881 - chris-morgan:issue-24872, r=alexcrichton

364639e

Fixes #24872.

alexcrichton added a commit to alexcrichton/rust that referenced this issue Apr 29, 2015

rollup merge of rust-lang#24881: chris-morgan/issue-24872

8daf961

Fixes rust-lang#24872.

bors closed this as completed in #24881 Apr 30, 2015

steveklabnik pushed a commit to steveklabnik/rust that referenced this issue May 10, 2015

Fix rust-lang#24872, XSS in docs not found page.

720f586

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

XSS vulnerability in src/doc/not_found.md #24872

XSS vulnerability in src/doc/not_found.md #24872

XMPPwocky commented Apr 27, 2015

XSS vulnerability in src/doc/not_found.md #24872

XSS vulnerability in src/doc/not_found.md #24872

Comments

XMPPwocky commented Apr 27, 2015