You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Issue:
We'd like to bring Narro back online on Mozilla servers; in the security review
we carried out for this, we found a number of issues which, while now resolved,
may not have been exploitable had Narro been more strict on validating input.
As it's entirely possible there are more issues, we'd love to see the input
validation improved.
Remediation:
Please ensure that, where possible, the application checks that the type, the
size and the format of input is valid. For more information on this, please
consult the Mozilla Secure Coding Guidelines:
https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines#Input_Validation
Thanks
Original issue reported on code.google.com by goodwins...@gmail.com on 2 May 2012 at 8:49
The text was updated successfully, but these errors were encountered:
It's not just a matter of restricting input, which I can't always do, it's
mostly a matter of escaping the input before being executed or displayed.
Because when you translate you should be able to enter whatever character you
want.
Original comment by alex...@gmail.com on 3 May 2012 at 5:35
Original issue reported on code.google.com by
goodwins...@gmail.com
on 2 May 2012 at 8:49The text was updated successfully, but these errors were encountered: