Do something to prevent XSS #54

Open
lefthandedgoat opened this issue Jul 22, 2016 · 6 comments
@lefthandedgoat
Owner

You can enter <script>alert('hello')</script> into the text box and it will run the js when loading the view page.

@lefthandedgoat
Owner Author

http://wpl.codeplex.com/

@jeroldhaas
Collaborator

That's meant as a band-aid until a proper fix can be applied to a site.

@lefthandedgoat
Owner Author

@jeroldhaas OK, good info. I will definitely do more research before I implement something.

@jeroldhaas
Collaborator

Perhaps I can assist. Can you provide more info on this bug? Is text entered into textboxes getting evaled?

@lefthandedgoat
Owner Author

The basic idea is that I know there are a lot of things about web dev that I don't know, and managing and preventing XSS is one of them, so this is a to-do for me to research and implement a fix.

I did test it and put a script tag in an input box, and after saving it, it did evaluate the script tag on rendering the 'view' page.
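
The behaviour reported above, next to output encoding at render time, as an added F# example that is not this project's code. `Entry`, `renderViewRaw`, `renderView` and `renderEdit` are hypothetical names; the edit-form case goes slightly beyond the view page described in the issue; `WebUtility.HtmlEncode` is the .NET standard library encoder.

```fsharp
open System.Net

// Hypothetical record standing in for a saved form submission.
type Entry = { Name : string; Notes : string }

// Vulnerable rendering: stored values are concatenated into the markup
// unchanged, so a saved <script> element becomes part of the view page.
let renderViewRaw (e : Entry) =
    sprintf "<dl><dt>Name</dt><dd>%s</dd><dt>Notes</dt><dd>%s</dd></dl>"
        e.Name e.Notes

// Encode at output time. HtmlEncode rewrites <, >, &, " and ' as entities,
// which covers element bodies and quoted attribute values.
let html (s : string) = WebUtility.HtmlEncode s

// Hardened view page: every stored value passes through the encoder.
let renderView (e : Entry) =
    sprintf "<dl><dt>Name</dt><dd>%s</dd><dt>Notes</dt><dd>%s</dd></dl>"
        (html e.Name) (html e.Notes)

// Edit form (assumed to exist): the stored value is written back into a
// quoted attribute, so the attribute must always be quoted and encoded.
let renderEdit (e : Entry) =
    sprintf "<input type=\"text\" name=\"notes\" value=\"%s\" />" (html e.Notes)

// True when user-controlled markup survived into the page.
let leaksMarkup (page : string) =
    page.Contains("<script") || page.Contains("\" onfocus=")

// Constructed sample input: the value from the report, plus one that
// tries to close the value attribute on the edit form.
let samples =
    [ { Name = "from the report"; Notes = "<script>alert('hello')</script>" }
      { Name = "attribute break"; Notes = "x\" onfocus=\"alert('hello')" } ]

for e in samples do
    printfn "%s" e.Name
    printfn "  raw view leaks markup:     %b" (leaksMarkup (renderViewRaw e))
    printfn "  encoded view leaks markup: %b" (leaksMarkup (renderView e))
    printfn "  encoded edit leaks markup: %b" (leaksMarkup (renderEdit e))
```

Encoding happens when the value is written into the page, not when it is saved, so the stored data stays as the user typed it and each output context gets the encoding it needs.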

@jeroldhaas
Collaborator

These might be a good starting point - there are some more but their compatibility with Suave might be suspect:
