Resolves #785 Remove disallowed characters in query parameter names to prevent XSS reflection #922

Merged (3 commits) on Nov 18, 2022

jdaigneau5 (Collaborator) commented Nov 17, 2022

Similar to PR #921, but this filters parameters used in error messages in validateQueryParameterNames in middleware.js to prevent possible XSS reflection in certain browsers.

jdaigneau5 changed the title from "Resolves #785 Add filter to remove disallowed characters in parameters in endpoint calls" to "Resolves #785 Add filter to remove disallowed characters in parameters in endpoint calls to prevent XSS reflection" (Nov 17, 2022)
jdaigneau5 changed the title from "Resolves #785 Add filter to remove disallowed characters in parameters in endpoint calls to prevent XSS reflection" to "Resolves #785 Remove disallowed characters in query parameter names to preven XSS reflection" (Nov 17, 2022)
jdaigneau5 changed the title from "Resolves #785 Remove disallowed characters in query parameter names to preven XSS reflection" to "Resolves #785 Remove disallowed characters in query parameter names to prevent XSS reflection" (Nov 18, 2022)
slubar merged commit 6b61004 into dev (Nov 18, 2022)
slubar deleted the jd-785 branch (November 18, 2022 14:57)
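
A sketch of the kind of filtering this PR describes, added here as an example and not taken from the project's middleware.js: unknown query parameter names are stripped of disallowed characters before they are echoed in the error message. The function names, the allowed-character set, the length cap, the Express-style wiring and the sample request are all assumptions.

```javascript
// Added illustration; not the project's middleware.js. All names are hypothetical.

// Assumption: parameter names may only contain these characters.
const DISALLOWED = /[^A-Za-z0-9_.\-]/g;
const MAX_NAME_LENGTH = 64; // assumption: cap on what gets echoed back

// Strip everything outside the allowlist before a name is echoed anywhere.
function filterParamName(name) {
  return String(name).replace(DISALLOWED, '').slice(0, MAX_NAME_LENGTH);
}

// "Before" behaviour: unknown names are echoed verbatim into the message.
function errorMessageUnfiltered(query, allowed) {
  const unknown = Object.keys(query).filter((k) => !allowed.includes(k));
  return unknown.length ? `Invalid query parameter(s): ${unknown.join(', ')}` : null;
}

// "After" behaviour: same check, but echoed names are filtered first.
function errorMessageFiltered(query, allowed) {
  const unknown = Object.keys(query).filter((k) => !allowed.includes(k));
  if (!unknown.length) return null;
  // A name made only of disallowed characters would filter to "", so mark it.
  const shown = unknown.map(filterParamName).map((n) => n || '(removed)');
  return `Invalid query parameter(s): ${shown.join(', ')}`;
}

// Express-style middleware (hypothetical wiring): reject with 400 and a
// text/plain body so the message is not interpreted as HTML.
function validateNames(allowed) {
  return (req, res, next) => {
    const msg = errorMessageFiltered(req.query, allowed);
    if (!msg) return next();
    res.status(400).type('text/plain').send(msg);
  };
}

// Constructed sample query: one valid name, one name carrying markup.
const sampleQuery = { limit: '10', '<script>alert(1)</script>': '' };
console.log(errorMessageUnfiltered(sampleQuery, ['limit', 'offset']));
console.log(errorMessageFiltered(sampleQuery, ['limit', 'offset']));
```
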
Successfully merging this pull request may close these issues.

validateQueryParameterNames may allow reflected XSS in older browsers
2 participants