Sustaining xss fixes #228
@taniwha, is there an upstream commit for this second fix? If so, please drop this one and use
@Agrendalath that would apply to all these PRs, right?
@taniwha, that's correct.
81ce7d3 to db0ce9c
@Agrendalath, except for the 3704eb2 commit, I don't see pointers to where the other commits are cherry-picked from and how they are related to the reported security issues and the corresponding fixes. Do you have any context about this?
a8500fa to c048164
This commit contains xsslint fixes for the following Jira Tickets: PROD-1661 PROD-1663 PROD-1665 PROD-1727 PROD-1729 PROD-1731 PROD-1732 PROD-1795 (cherry picked from commit 0e45ecb)
PROD-1725 PROD-1726 PROD-1617
This reverts commit 2fe8003.
1. PROD-1603 2. PROD-1605 3. PROD-1612 4. PROD-1619 5. PROD-1289 6. PROD-1530 7. PROD-1525 8. PROD-1534 (cherry picked from commit d9e0ca5)
…Languages (#240)
* Fix issue caused by XSS fix in Video > Advanced > Transcript Languages
* change append to prepend
Co-authored-by: pkulkark <[email protected]>
(cherry picked from commit 6eeb1846e260173d5e327aa600f5c3897220fd31)
c048164 to 1818f76
@lgp171188, I suppose this question is no longer relevant after your force push?
@Agrendalath, those commits still don't have any reference to upstream PRs. So my question is still relevant. But since all those commits are from someone outside OpenCraft, it is obvious that they are cherry-picks from upstream and I am okay with merging this PR as-is.
@Agrendalath, if you are okay with the changes in this PR, can you approve it? CC @kaizoku
👍
This is a cherry-pick of a patch fixing XSS vulnerabilities (edx/edx-platform#24568).