Home Explore Help
Sign In
vaeringjar
/
id.ly
Watch 2
Star 1
Fork 0
Files Issues 10 Pull Requests 0
Labels Milestones
New Issue

#11 Update the hyperlink/deeplink bouncer code itself

Closed
opened 6 years ago by vaeringjar · 2 comments
vaeringjar commented 6 years ago

I think this might have an XSS vulnerability; need to sanitize the user input.

https://notabug.org/vaeringjar/id.ly/src/debian9-android/src/remote/index.php

I think this might have an XSS vulnerability; need to sanitize the user input. https://notabug.org/vaeringjar/id.ly/src/debian9-android/src/remote/index.php
vaeringjar commented 6 years ago
Owner

PHP's FILTER_SANITIZE_EMAIL should probably take care of the worst.

Anything else can just hard fail.

PHP's `FILTER_SANITIZE_EMAIL` should probably take care of the worst. Anything else can just hard fail.
vaeringjar referenced this issue from a commit 6 years ago
This should take care of some of the problem of xss for now. #11
vaeringjar commented 6 years ago
Owner

Just to explicated; tested successfully blocking:

index.php?m=%3Cscript%3Ealert(%22helloworld%22);%3C/script%3E

Just to explicated; tested successfully blocking: `index.php?m=%3Cscript%3Ealert(%22helloworld%22);%3C/script%3E`
vaeringjar referenced this issue from a commit 6 years ago
Finished the fix for the xss attack on the bouncer. #11
vaeringjar closed 6 years ago
Sign in to join this conversation.
Labels
Clear labels
bug duplicate enhancement help wanted invalid question wontfix
No Label
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No Milestone
Assignee
Clear assignee
No assignee
1 Participants
Write Preview
Loading...
Cancel
Save
There is no content yet.