MozillaWiki

Security/Reviews/Gaia/Video: Difference between revisions

Page Discussion

Security/Reviews/Gaia/Video (view source)

Revision as of 01:59, 21 February 2013

301 bytes added ,  21 February 2013
→‎1. XSS & HTML Injection attacks
Line 81: Line 81:


====1. XSS & HTML Injection attacks====
====1. XSS & HTML Injection attacks====
No XSS or Injection vulnerabilities have been found in the code.
Additionally I have tried the following:
* Inject HTML in the names of video files (/mnt/sdcard/videos/"<h1>Hello"
* Inject HTML in the meta-data of .mp4 files
Neither propagated to the UI. Well, it did but it was properly escaped.


====2. Secure Communications ====
====2. Secure Communications ====
St3fan
Confirmed users
971

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/524935"