[Tracker-discuss] [issue109] javascript injection?
Erik Forsberg
metatracker at psf.upfronthosting.co.za
Mon Mar 26 21:00:49 CEST 2007
Erik Forsberg added the comment:
As we've found that setting the content type of the file to text/plain helps
against this attack on Firefox, Safari and IE7, I've added an auditor that
changes text/html into text/plain. I also added a message on the file editing
page to inform the user.
For IE6, this fix unfortunately doesn't help. Poor IE6 users. However, combined
with other anti-spam measures taken, I think this is good enough.
----------
assignedto: -> forsberg
nosy: +forsberg
status: chatting -> resolved
_______________________________________________________
Meta Tracker <metatracker at psf.upfronthosting.co.za>
<http://psf.upfronthosting.co.za/roundup/meta/issue109>
_______________________________________________________
More information about the Tracker-discuss
mailing list