Skip to content

Commit

Permalink
fix(security): mitigate Cross-Site Scripting attack (XSS)
Browse files Browse the repository at this point in the history 
Unsanitized input from an HTTP parameter flows into send, where it is
used to render an HTML page returned to the user. This may result in a
Cross-Site Scripting attack (XSS).

Signed-off-by: Bhaskara Ram <39507881+bhaskarvilles@users.noreply.github.com>
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
  • Loading branch information
@bhaskarvilles @petermetz
bhaskarvilles authored and petermetz committed May 2, 2022
1 parent ef18827 commit 2cb68c3
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion packages/cactus-cmd-socketio-server/src/main/typescript/routing-interface/routes/index.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -100,7 +100,7 @@ router.delete(
"/api/v1/bl/wallets/:id",
(req: Request, res: Response, next: NextFunction) => {
try {
res.send(
res.render(
"Not Implemented (Delete a Wallet" + ", id=" + escapeHtml(req.params.id) + ")\n",
);
} catch (err) {
Expand Down

0 comments on commit 2cb68c3

Please sign in to comment.