Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

< and > are not escaped in the joke submission form #68

Closed
Sv443 opened this issue Mar 26, 2020 · 0 comments · Fixed by #73
Closed

< and > are not escaped in the joke submission form #68

Sv443 opened this issue Mar 26, 2020 · 0 comments · Fixed by #73
Assignees
@Sv443
Labels
bug Something isn't working
Milestone
2.1.3

Comments

@Sv443
Copy link
Member

Sv443 commented Mar 26, 2020

The characters < and > are not escaped when entering them in the joke submission form, therefore they can be used to "XSS yourself" or just to break the submission payload rendering.

image
@Sv443 Sv443 added the bug Something isn't working label Mar 26, 2020
@Sv443 Sv443 self-assigned this Mar 26, 2020
@Sv443 Sv443 added this to the 2.1.3 milestone Apr 20, 2020
@Sv443 Sv443 linked a pull request Apr 20, 2020 that will close this issue
Release 2.1.3 #73
Merged
5 tasks
@Sv443 Sv443 mentioned this issue Apr 20, 2020
Merged
5 tasks
Sv443 pushed a commit that referenced this issue Apr 20, 2020
Fixed #68
8f8d96b
@Sv443 Sv443 closed this as completed in #73 May 2, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Sv443 Sv443

Labels
bug Something isn't working
Projects
None yet
Milestone
2.1.3
Development

Successfully merging a pull request may close this issue.

Release 2.1.3 Sv443-Network/JokeAPI
1 participant
@Sv443