stable

Clone or download

Read-only

Self-XSS when fully displaying a SSH key

Reproduction steps: 1. Go to your preferences in the "Keys & Tokens" section 2. Add a new SSH key with this content: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO2m55RysmAuqX4RiCRIH2g2V8cbAGz/BKBFCHviQ01L <img src=a onerror=alert(1)>" 3. Click on the key in the table Issue introduced by 8ee7305214ab1dc17a865e556026d815278e4430. Part of story #14552: User preferences goes Burning Parrot Change-Id: I60738a759776430b7c4a5698dd6fd8b4ee517d0e

Modified Files

Name
M src/www/scripts/account/keys-tokens.ts +1 −1 Go to diff View file