Home Esplora Aiuto
Accedi
vaeringjar
/
id.ly
Segui 2
Vota 1
Forka 0
File Problemi 10 Pull Requests 0
Etichette Traguardi
Nuovo Problema

#11 Update the hyperlink/deeplink bouncer code itself

Chiuso
aperto 6 anni fa da vaeringjar · 2 commenti
vaeringjar commented 6 anni fa

I think this might have an XSS vulnerability; need to sanitize the user input.

https://notabug.org/vaeringjar/id.ly/src/debian9-android/src/remote/index.php

I think this might have an XSS vulnerability; need to sanitize the user input. https://notabug.org/vaeringjar/id.ly/src/debian9-android/src/remote/index.php
vaeringjar commented 6 anni fa
Proprietario

PHP's FILTER_SANITIZE_EMAIL should probably take care of the worst.

Anything else can just hard fail.

PHP's `FILTER_SANITIZE_EMAIL` should probably take care of the worst. Anything else can just hard fail.
vaeringjar referenced this issue from a commit 6 anni fa
This should take care of some of the problem of xss for now. #11
vaeringjar commented 6 anni fa
Proprietario

Just to explicated; tested successfully blocking:

index.php?m=%3Cscript%3Ealert(%22helloworld%22);%3C/script%3E

Just to explicated; tested successfully blocking: `index.php?m=%3Cscript%3Ealert(%22helloworld%22);%3C/script%3E`
vaeringjar referenced this issue from a commit 6 anni fa
Finished the fix for the xss attack on the bouncer. #11
vaeringjar chiuso 6 anni fa
Sign in to join this conversation.
Etichette
Pulisci le etichette
bug duplicate enhancement help wanted invalid question wontfix
Nessuna etichetta
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
Traguardo
Milestone pulita
Nessuna milestone
Assegnatario
Cancella l'assegnatario
Nessun assegnatario
1 Partecipanti
Scrivi Anteprima
Caricamento...
Annulla
Salva
Non ci sono ancora contenuti.