Página inicial Explorar Ajuda
Entrar
vaeringjar
/
id.ly
Observar 2
Favorito 1
Fork 0
Arquivos Issues 10 Pull Requests 0
Etiquetas Milestones
Novo issue

#11 Update the hyperlink/deeplink bouncer code itself

Fechado
6 anos atrás foi aberto por vaeringjar · 2 comentários
vaeringjar comentado 6 anos atrás

I think this might have an XSS vulnerability; need to sanitize the user input.

https://notabug.org/vaeringjar/id.ly/src/debian9-android/src/remote/index.php

I think this might have an XSS vulnerability; need to sanitize the user input. https://notabug.org/vaeringjar/id.ly/src/debian9-android/src/remote/index.php
vaeringjar comentado 6 anos atrás
Proprietário

PHP's FILTER_SANITIZE_EMAIL should probably take care of the worst.

Anything else can just hard fail.

PHP's `FILTER_SANITIZE_EMAIL` should probably take care of the worst. Anything else can just hard fail.
vaeringjar citou este problema em um commit 6 anos atrás
This should take care of some of the problem of xss for now. #11
vaeringjar comentado 6 anos atrás
Proprietário

Just to explicated; tested successfully blocking:

index.php?m=%3Cscript%3Ealert(%22helloworld%22);%3C/script%3E

Just to explicated; tested successfully blocking: `index.php?m=%3Cscript%3Ealert(%22helloworld%22);%3C/script%3E`
vaeringjar citou este problema em um commit 6 anos atrás
Finished the fix for the xss attack on the bouncer. #11
vaeringjar fechado em 6 anos atrás
Faça login para participar desta conversação.
Etiquetas
Limpar etiquetas
bug duplicate enhancement help wanted invalid question wontfix
Sem etiqueta
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
Milestone
Limpar milestone
Sem milestone
Responsável
Limpar responsável
Não atribuída
1 participantes
Escrever Visualizar
Carregando...
Cancelar
Salvar
Ainda não há conteúdo.