common/djangoapps/util/tests · f6731342de5b7bea22d9b450b484a53c5234e4e2 · edx / edx-platform

Fixing email link injection bug · f351b050

Several templates used a variable set by the user (the request host header).  This led to a vulnerability where an attacker could inject their domain name into these templates (i.e., activation emails).  This patch fixes this vulnerability.

LMS-532

committed Dec 18, 2013

f351b050

Name	Last commit	Last update
..
__init__.py		Loading commit data...
test_json_request.py		Loading commit data...
test_memcache.py		Loading commit data...
test_request.py		Loading commit data...
test_sandboxing.py		Loading commit data...
test_string_utils.py		Loading commit data...
test_submit_feedback.py		Loading commit data...