Page 1 of 1
[RESOLVED] Google hangout/chat XSS issue
Posted: Mon Dec 30, 2013 4:24 am
by cef
Just noticed that 2.6.8.9rc5 and 2.6.8.9 (final) both seem to pick up Google's newer hangout/chat system as an XSS issue. Happens when on Google Plus and Gmail.
2.6.8.9rc4 works fine, so I suspect the [XSS] Stricter HTML checks change in 2.6.8.9rc5 is what's causing it to trip.
If you need logs, just ask.
Re: Google hangout/chat XSS issue
Posted: Mon Dec 30, 2013 8:57 am
by cef
Just a FYI to anyone following, I've forwarded logs by email to Giorgio to examine.
Re: Google hangout/chat XSS issue
Posted: Mon Dec 30, 2013 5:30 pm
by qwerty017
Cool. Thought I was the only one having this.
Re: Google hangout/chat XSS issue
Posted: Mon Dec 30, 2013 9:14 pm
by Giorgio Maone
Please check
latest development build 2.6.8.10rc1, thanks.
Re: [RESOLVED] Google hangout/chat XSS issue
Posted: Mon Dec 30, 2013 10:56 pm
by cef
Works well. Thank you very much for such a quick turn-around, especially at this time of year.
Re: [RESOLVED] Google hangout/chat XSS issue
Posted: Tue Dec 31, 2013 10:55 am
by markpud
Hi.. came to report this issue too. Have now installed the dev build V. 2.6.8.10rc1 and this has fixed the issue for me too. Thanks!