The links displayed in the test results to re-test a patch pose an XSS vulnerability.

Talked with hunmonk and he agreed and is willing to review patches. :)

Since the links currently display to all authenticated users and only mark a patch for re-testing, this doesn't pose a major threat, but it's a good habit to get into.

Comments

hunmonk

Status: Active » Fixed

http://drupal.org/cvs?commit=152194

deployed on p.d.o and d.o

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.