Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
janpot
on Sept 15, 2021
|
parent
|
context
|
favorite
| on:
Username ending with MIME type format is not allow...
Don't know the details of the vulnerability, but from the comfort of my armchair, it sounds like it's being patched in the wrong location. e.g. It's better to fix an XSS issue by escaping the input, rather than restricting the values it can take.
boleary-gl
on Sept 15, 2021
[–]
It doesn't represent any XSS - the details are here:
https://gitlab.com/gitlab-org/gitlab/-/issues/26295
janpot
on Sept 17, 2021
|
parent
[–]
I was just using XSS as an analogy.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
