projects / catagits/Catalyst-Plugin-Session.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2790acd)
Session: encode HTML entities in error
authorMichael McClimon <michael@mcclimon.org>
Tue, 4 Dec 2018 16:41:38 +0000 (11:41 -0500)
committerJohn Napiorkowski <jjn1056@yahoo.com>
Thu, 6 Dec 2018 02:20:44 +0000 (20:20 -0600)
commit88d1b599e1163761c9bd53bec53ba078f13e09d4
treec194926c686e4e5aab106a47c9fb72e8f9f361a8tree | snapshot
parent2790acd4de4b615e5353d69c09ca0f2f44b1654fcommit | diff
Session: encode HTML entities in error

Without this, it's possible to self-XSS by trying to set a session id to
something like `</script><svg/onload='alert("xss")'>`.
lib/Catalyst/Plugin/Session.pm diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.