首頁 探索 說明
登入
vaeringjar
/
id.ly
關註 2
讚好 1
複刻 0
檔案 問題管理 10 合併請求 0
標籤 里程碑
創建問題

#11 Update the hyperlink/deeplink bouncer code itself

已關閉
vaeringjar6 年之前創建 · 2 條評論
vaeringjar 評論 6 年之前'

I think this might have an XSS vulnerability; need to sanitize the user input.

https://notabug.org/vaeringjar/id.ly/src/debian9-android/src/remote/index.php

I think this might have an XSS vulnerability; need to sanitize the user input. https://notabug.org/vaeringjar/id.ly/src/debian9-android/src/remote/index.php
vaeringjar 評論 6 年之前'
所有者

PHP's FILTER_SANITIZE_EMAIL should probably take care of the worst.

Anything else can just hard fail.

PHP's `FILTER_SANITIZE_EMAIL` should probably take care of the worst. Anything else can just hard fail.
vaeringjar 在代碼提交 6 年之前 中引用了該問題
This should take care of some of the problem of xss for now. #11
vaeringjar 評論 6 年之前'
所有者

Just to explicated; tested successfully blocking:

index.php?m=%3Cscript%3Ealert(%22helloworld%22);%3C/script%3E

Just to explicated; tested successfully blocking: `index.php?m=%3Cscript%3Ealert(%22helloworld%22);%3C/script%3E`
vaeringjar 在代碼提交 6 年之前 中引用了該問題
Finished the fix for the xss attack on the bouncer. #11
vaeringjar6 年之前 關閉
登入 才能加入這對話。
標籤
清除已選取標籤
bug duplicate enhancement help wanted invalid question wontfix
未選擇標籤
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
里程碑
清除已選取里程碑
未選擇里程碑
指派成員
取消指派成員
未指派成員
1 參與者
內容編輯 效果預覽
正在加載...
取消
保存
尚未有任何內容