Automattic/Genericons

[Security Issue] The offending XSS code is still in the repository.

AlexanderOMara opened this issue · 1 comment

The code that was removed for the XSS vulnerability is still in the repository.

source/fontcustom-templates/.svn/text-base/example.html.svn-base

Thankfully it is inside a dot folder and does not have the .html extension, but depending on the server configuration, it might be possible to coerce the browser to render it as HTML. Some servers might even serve the file with the text/html Content-Type.
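A pre-publish check for this class of leftover, added here as an example and not code from the Genericons project: it walks a checkout, flags any file inside a VCS metadata directory whose bytes look like HTML regardless of extension, and shows that extension-based type guessing returns nothing for a `.svn-base` name, so the web server's default mapping decides how it is served. The sample tree is constructed to mirror the path named in the report.

```python
"""Find stray HTML inside VCS metadata directories of a checkout."""
import mimetypes
import os
import re
import tempfile

# Directories written by version-control tools; they should never be served.
VCS_DIRS = {".svn", ".git", ".hg"}
# Markup that would make a browser treat the body as HTML if it were sniffed.
HTML_RE = re.compile(rb"<\s*(html|script|body|img|svg)\b", re.IGNORECASE)


def looks_like_html(data: bytes) -> bool:
    """True if the first 4 KiB contain an HTML-looking tag."""
    return HTML_RE.search(data[:4096]) is not None


def find_stray_html(root: str) -> list:
    """Return repo-relative paths of files under a VCS dot-directory
    whose content looks like HTML, whatever their extension."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        parts = set(os.path.relpath(dirpath, root).split(os.sep))
        if not parts & VCS_DIRS:
            continue
        for name in filenames:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                if looks_like_html(fh.read(4096)):
                    hits.append(os.path.relpath(path, root))
    return sorted(hits)


def guessed_type(path: str):
    """Extension-based MIME guess; None for .svn-base means the server's
    fallback default (possibly text/html) decides the Content-Type."""
    return mimetypes.guess_type(path)[0]


def build_sample_repo() -> str:
    """Constructed sample tree: one stray example.html.svn-base plus a README."""
    root = tempfile.mkdtemp()
    stray = os.path.join(root, "source", "fontcustom-templates", ".svn", "text-base")
    os.makedirs(stray)
    with open(os.path.join(stray, "example.html.svn-base"), "w") as fh:
        fh.write("<html><body><script>/* constructed */</script></body></html>")
    with open(os.path.join(root, "README.md"), "w") as fh:
        fh.write("# Genericons\n")
    return root
```

Run `find_stray_html(".")` from the repository root; a non-empty list means a file like the one reported above is still in the tree.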

Thanks for reporting this! I have removed the files now, they shouldn't have been there in the first place.