Ben Caradoc-Davies created an issue |
Issue Type: |
Bug |
---|---|
Affects Versions: |
2.6-RC1, 2.6-RC2 |
Assignee: |
|
Components: |
WMS |
Created: |
26/Aug/14 4:25 AM |
Priority: |
Major |
Reporter: |
Arbitrary bytes can be injected into the locator element in a WMS exception:
Ben Caradoc-Davies commented on
GEOS-5318 :
Jukka, which script did you test? The openlayers example above or Mats’ example, which was like this?:
(Test link based on one provided by Victor Tey.)
GEOS-5318 :
The OpenLayers example after “Here’s an example:” That shows only an OpenLayers map but the other one by Victor Tey indeed shows a text box “xss” with Firefox 31.0
This message was sent by Atlassian JIRA (v6.1.6#6162-sha1:7af547c) |