Issue 888288 link

Starred by 1 user

Issue metadata

Status:	Unconfirmed
Owner:	----
Cc:	chanli@chromium.org seanmccullough@chromium.org liaoyuke@chromium.org st...@chromium.org
Components:	Infra>Flakiness>Pipeline
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	2
Type:	----

Security: Reflected XSS

Reported by tthe.dol...@gmail.com, Sep 22

Issue description

POC: https://chromium-try-flakes-staging.appspot.com/search?q=%3Cimg%20src%3DX%20onerror%3Dalert(document.domain)%3E

Source:
infra/appengine/chromium_try_flakes/handlers/search.py
line 29:
self.response.write('No flake entry found for ' + search)

"search" needs to be escaped.

►

Issue 888288 link

Issue metadata

Security: Reflected XSS

Issue description

Sign in to add a comment