XSS vulnerability when displaying commit message on contributors page

Hey Guys,

This is more of a bug report than a question. I discovered this bug when viewing my contribution to fez here:
https://www.ohloh.net/p/fez/contributors/149567941188482

Where there is a br tag in the commit message. Click on the purple dot, and the linked text is not sanitised - the br tag is interpreted as HTML.

I have tested this further with a script tag here (it's just an alert):
https://www.ohloh.net/p/ohlohxsstest/contributors/2507867911652492

Clicking on the purple dot indeed triggers an alert.

Cheers,
Brett

Brett Wilkins almost 15 years ago
 

Having claimed the commit, the latter address has now changed to: https://www.ohloh.net/p/ohlohxsstest/contributors/2507865763945346

Brett Wilkins almost 15 years ago
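
The rendering flaw reported in this thread, shown beside an escaped version. This is an added example, not part of the original posts and not Ohloh's code: the function names, the popup markup and the sample commit messages are constructed for illustration.

```javascript
// Hypothetical popup renderer for a commit message (not Ohloh's code).

// Encode the characters that can change the HTML parsing context.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// "Before": the commit message is concatenated into markup as-is,
// so any tag an author typed into the message becomes a real element.
function renderCommitPopupUnsafe(message) {
  return '<div class="commit-popup">' + message + '</div>';
}

// "After": every line of the message is escaped first. Line breaks are
// kept by emitting <br> that the renderer generates itself, never by
// trusting markup that arrived inside the message.
function renderCommitPopupSafe(message) {
  const lines = String(message).split(/\r?\n/).map(escapeHtml);
  return '<div class="commit-popup">' + lines.join('<br>') + '</div>';
}

// Regression check: count the tags present in rendered output. For a
// single-line message only the wrapper's opening and closing tag may exist.
function countTags(html) {
  return (html.match(/<\/?[a-zA-Z][^>]*>/g) || []).length;
}

// Constructed sample messages mirroring the two cases in the report.
const brMessage = 'Fix layout<br>second line';
const scriptMessage = '<script>alert(1)</script>';

for (const msg of [brMessage, scriptMessage]) {
  console.log('unsafe tags:', countTags(renderCommitPopupUnsafe(msg)),
              'safe tags:', countTags(renderCommitPopupSafe(msg)));
}
```

A tag-count assertion like `countTags` fits in a view test, so a commit message containing markup fails the build instead of reaching the contributors page.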