Re: [Sks-devel] Fwd: CVE request: SKS non-persistent XSS


From: Kristian Fiskerstrand
Subject: Re: [Sks-devel] Fwd: CVE request: SKS non-persistent XSS
Date: Sat, 03 May 2014 16:57:40 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0

On 05/03/2014 12:29 AM, Daniel Kahn Gillmor wrote:
> On 05/02/2014 06:24 PM, Kristian Fiskerstrand wrote:
>> Plerror is local logging and not passed to a web client
> 
> In that case, why use html_quote s for the arguments to plerror
> when handling Bad_request ?
> 
> Thanks for such a quick response,

You are correct. I've reviewed the aforementioned commit, and the
change re plerror in line 370 isn't strictly necessary; however, it
won't do any harm either :)

- -- 
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
"The power of accurate observation is commonly called cynicism by
those who have not got it."
George Bernard Shaw