Treat 'background' attributes the same way as 'src' (another XSS vulnerability)

author: thomascube <thomas@roundcube.net> 2009-01-20 16:28:33 +0000
committer: thomascube <thomas@roundcube.net> 2009-01-20 16:28:33 +0000
commit: 4cc74f726942d8570811f1e78db9a93a252435bf (patch)
tree: b9f100e62e877dd797a186a41c1dcfd26389d119 /CHANGELOG
parent: 76ecf147f669ca1ffb8a22fe8e6f03aba7269cac (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG
index f9ce6de9f..e8ce8272a 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,10 @@
 CHANGELOG RoundCube Webmail
 ---------------------------
 
+2009/01/20 (thomasb)
+----------
+- Fix XSS vulnerability through background attributes as reported by Julien Cayssol
+
 2009/01/18 (alec)
 ----------
 - Fix problems with backslash as IMAP hierarchy delimiter (#1484467)
author	thomascube <thomas@roundcube.net>	2009-01-20 16:28:33 +0000
committer	thomascube <thomas@roundcube.net>	2009-01-20 16:28:33 +0000
commit	4cc74f726942d8570811f1e78db9a93a252435bf (patch)
tree	b9f100e62e877dd797a186a41c1dcfd26389d119 /CHANGELOG
parent	76ecf147f669ca1ffb8a22fe8e6f03aba7269cac (diff)