Stored XSS in Display Name Field
Tested with , potential security risk
Hi Henry,
Thanks for bringing this up. Partify is intended to be used in a secured network situation with people you trust. I took virtually no security considerations into account because I locked down my wi-fi and I use the software with friends. This software is not intended to be used on the open internet.
Whenever I get around to porting it to a framework like Pyramid, I'll be paying more attention to making issues like this go away because that would be one of the fundamental reasons to move off of Flask (although at the rate I'm developing this project that day may never come).
If you are using the project, I'd love to hear about it! To my knowledge I'm the only one that still runs this piece of software :)
It's great, we use it in our lounge all the time for music.