Security/Reviews/Gaia/costcontrol: Difference between revisions

Line 83: Line 83:
     ~/work/code/gaia/apps/costcontrol/js/settings/settings.js:131 - src.innerHTML = xhr.responseText;
     ~/work/code/gaia/apps/costcontrol/js/settings/settings.js:131 - src.innerHTML = xhr.responseText;
         -> XHR is fetching /debug.html which has no variable data
         -> XHR is fetching /debug.html which has no variable data
    ~/work/code/B2G/gaia/apps/costcontrol/js/fte.js:121 - if (window.location.hash) {
        - Does JS do inlining? If so, wouldn't a hash of alert(1) fire in that context?
        - "There is no implicit inling in JS" - dchan


====2. Secure Communications ====
====2. Secure Communications ====
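Review bot: the new fte.js:121 entry ends on a question and a quoted reply, with no recorded conclusion about where the hash value goes after the `if (window.location.hash) {` test. The settings.js:131 entry above closes with a `->` line stating why the sink is safe (fixed /debug.html, no variable data). The fte.js entry should get the same: one `->` line saying whether `window.location.hash` is only tested or compared, or whether it is later passed to a sink such as `innerHTML`. The dchan quote answers whether a bare truthiness check can execute the hash, but not how the value is used further down. Two smaller points: the path on the new line is `~/work/code/B2G/gaia/...` while the existing entries use `~/work/code/gaia/...`, and "inling" in the quoted reply looks like a typo for "inlining".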