From mboxrd@z Thu Jan  1 00:00:00 1970
From: john at keeping.me.uk (John Keeping)
Date: Sun, 12 Jan 2014 22:00:01 +0000
Subject: [PATCH 2/3] ui-shared: URL-escape script_name
In-Reply-To: <CAHmME9qsER=3a3EpKdrP=PaPvEFDuNEURrjCvVD7bWcz-xis8w@mail.gmail.com>
References: <432e1f40c0d887db602ec9411ae16c45896a54f5.1389555852.git.john@keeping.me.uk>
 <743715d4d544aac87ea7707e47eef6e115f908f5.1389555852.git.john@keeping.me.uk>
 <CAHmME9qsER=3a3EpKdrP=PaPvEFDuNEURrjCvVD7bWcz-xis8w@mail.gmail.com>
Message-ID: <20140112220000.GT7608@serenity.lan>

On Sun, Jan 12, 2014 at 10:18:30PM +0100, Jason A. Donenfeld wrote:
> Are there any circumstances in which this could have prior lead to an XSS?

I'm pretty sure this is entirely under the control of the system
administrator, so it should be fine.