An XSS Vulnerability In The Making
This article was originally published at Planet PHP on 7 March 2012.
Back in September, Socorro received a security bug relating to the method we were using for processing inputs for the duration of certain reports. The vulnerability included a proof of concept, with an alert box popping up on production when the link was followed.

The Vulnerability

I was quite surprised at the root cause of [...]