Changes

Security/Reviews/Gaia/settings

270 bytes added, 21:17, 2 December 2013

→‎1. XSS & HTML Injection attacks

====1. XSS & HTML Injection attacks====

* js/languages.js:21: option.innerHTML = lEmbedBegin + languages[lang] + lEmbedEnd;

** languages[] comes from '/shared/resources/languages.json' so they are presumably safe. If an attacker can change/add languages to languages.json then this would be a legit injection.

====2. Secure Communications ====

Rfletcher

Confirm

353

edits

Changes

Security/Reviews/Gaia/settings

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

How to Contribute

MozillaWiki

Around Mozilla

Tools