This repository has been archived by the owner on Jan 29, 2019. It is now read-only.

Potential for XSS #1

Open

edent opened this issue Oct 24, 2014 · 0 comments

Comments


edent commented Oct 24, 2014

Performing a search for something like <script> alert("hi");</script> will cause that JavaScript to be injected into the page.

I saw this happen on the CAB site.

[Screenshot: cab xss example]

It would probably be worth ensuring all user input is sanitised before being added to the page. Perhaps around https://github.com/edds/display-screen/blob/master/public/javascripts/search.js#L100
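Added example illustrating the reflected-input problem described above; this is not code from the display-screen project, and the function names and the constructed sample term are assumptions. It contrasts splicing the raw search term into markup with escaping it first, and shows a check that distinguishes the two outputs.

```javascript
// Minimal HTML escaping for text that will be placed inside an element body.
// Covers the five characters that can change HTML structure or break out of
// an attribute value.
function escapeHtml(text) {
  const map = {
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#39;',
  };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern (hypothetical, modelled on the issue): the raw search
// term is concatenated into HTML, so markup typed by the user becomes live.
function renderSearchHeadingUnsafe(term) {
  return '<h2>Results for ' + term + '</h2>';
}

// Hardened pattern: escape before concatenating, so the term is rendered as
// literal text. When a real DOM is available, assigning the term to
// element.textContent instead of innerHTML achieves the same result.
function renderSearchHeadingSafe(term) {
  return '<h2>Results for ' + escapeHtml(term) + '</h2>';
}

// Detection helper: does a rendered fragment still contain a script tag?
function containsLiveScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample input resembling the term in the issue report.
const SAMPLE_TERM = '<script> alert("hi");</script>';

function demo() {
  return {
    unsafe: containsLiveScriptTag(renderSearchHeadingUnsafe(SAMPLE_TERM)), // true
    safe: containsLiveScriptTag(renderSearchHeadingSafe(SAMPLE_TERM)),     // false
  };
}
```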
