Comment 25 for bug 1308727

Gabriel Hurley (gabriel-hurley) wrote : Re: XSS in Horizon Heat template - resource name

Forgot to add the "long-term" part of that comment... long term we need to move away from reading these values out of the DOM entirely. JSON should stay JSON and should be loaded as such via AJAX or websockets. Then a proper client-side templating library can be used to construct these elements and sanitizing can be done in a standardized fashion.
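As an added illustration of the approach this comment recommends (example code, not Horizon's own), the following JavaScript contrasts concatenating a Heat resource name straight into HTML with rendering from parsed JSON through one standardized escaping step. The field names and the resource listing are constructed for the example.

```javascript
// Constructed Heat stack resource listing, as it might arrive from an AJAX call.
// The second resource name carries markup so the two renderers can be compared.
const STACK_RESOURCES_JSON = JSON.stringify({
  resources: [
    { resource_name: "web_server", resource_type: "OS::Nova::Server", resource_status: "CREATE_COMPLETE" },
    { resource_name: "<img src=x onerror=alert(1)>", resource_type: "OS::Neutron::Port", resource_status: "CREATE_FAILED" }
  ]
});

// Vulnerable pattern: fields are concatenated straight into HTML, so any markup
// inside a resource name becomes part of the document.
function renderResourcesUnsafe(jsonText) {
  const data = JSON.parse(jsonText);
  return data.resources
    .map(r => `<li class="${r.resource_status}">${r.resource_name} (${r.resource_type})</li>`)
    .join("");
}

// One escaping routine applied to every value placed into markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, ch => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;"
  })[ch]);
}

// Safer pattern: the data stays JSON until render time, and every field goes
// through escapeHtml before it is inserted into the template.
function renderResourcesSafe(jsonText) {
  const data = JSON.parse(jsonText);
  return data.resources
    .map(r => `<li class="${escapeHtml(r.resource_status)}">${escapeHtml(r.resource_name)} (${escapeHtml(r.resource_type)})</li>`)
    .join("");
}

// Simple check used to compare the two renderers: does the output contain an
// element that was never part of the template?
function containsInjectedTag(html) {
  return /<img\b/i.test(html);
}
```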