Enough already.
I've got to ask.
Just what is a Mavo script/expression?
And what makes it so (potentially) bad?
Mavo
Mavo
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 SeaMonkey/2.49.1 Lightning/5.4
Re: Mavo
(Not that I would know, but search turns up this and a bunch of obviously-irrelevant stuff - https://mavo.io/)
*Always* check the changelogs BEFORE updating that important software!
-
Re: Mavo
If you're referring to the v5.0.5 changelog entry, then I'm guessing that Mavo (yes, mavo.io), which allows editing of pages via a browser, uses specific syntax to represent changes to pages. And that syntax would (naturally) allow a page to be changed in a way that would insert scripts. And since it's not normal HTML, it would previously have bypassed the XSS filter.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0