This repository has been archived by the owner on Oct 13, 2021. It is now read-only.

[security] - XSS - Encode special characters before including content on the page #259

Open
chrisguindon opened this issue May 22, 2020 · 1 comment

Comments

@chrisguindon

I did notice last week that some characters might be double encoded in a news item.

I am creating this issue here but I think the plugin is doing the right thing.

Let's investigate: I have a feeling that the fix should be done in the API and not in this plugin as I expect the plugin to encode all special characters.

@chrisguindon

I made some changes to the API for this but we still need to make an update to the plugin.

The plugin must encode special characters before adding the content to the page.

Encoding should be applied directly before user-controllable data is written to a page because the context you're writing into determines what kind of encoding you need to use.

chrisguindon changed the title from "Encoding issue with news items" to "[security] - XSS - Encode special characters before including content on the page" on Jun 9, 2020
@chrisguindon chrisguindon transferred this issue from EclipseFdn/jquery-eclipsefdn-api Jul 12, 2021
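
Added example, not part of the issue thread and not the plugin's own code: encoding a news item at the point of output, with the encoding chosen per context (HTML text, quoted attribute, URL), plus the double-encoding symptom that appears when both the API and the client encode. The function names and the `title`/`link` fields are assumptions, as is an API that returns raw, unencoded text.

```javascript
// Constructed example; renderNewsItem, encodeHtml, safeHref and the
// item fields (title, link) are hypothetical names, not the plugin's API.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
};

// HTML text and quoted-attribute contexts: neutralise markup characters.
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// URL context: entity encoding does not stop a javascript: URL, so the
// scheme is allowlisted. Relative or unparsable URLs fall back to "#".
function safeHref(value) {
  let url;
  try {
    url = new URL(String(value));
  } catch (e) {
    return '#';
  }
  return (url.protocol === 'https:' || url.protocol === 'http:') ? url.href : '#';
}

// Encode immediately before building the markup, once per value.
function renderNewsItem(item) {
  return '<a href="' + encodeHtml(safeHref(item.link)) + '">' +
    encodeHtml(item.title) + '</a>';
}

// Constructed sample data standing in for an API response.
const samples = [
  { title: 'R&D <b>update</b>', link: 'https://example.org/news?id=1&lang=en' },
  { title: 'Release notes', link: 'javascript:alert(1)' }
];
samples.forEach((item) => console.log(renderNewsItem(item)));

// Double encoding: if the API has already encoded the text and the
// client encodes again, readers see a literal "&amp;" on the page.
console.log(encodeHtml(encodeHtml('R&D'))); // R&amp;amp;D
```

With jQuery, writing the raw value through `.text()` or `.attr()` gives the same result for the text and attribute contexts; the scheme check on the link is still needed.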