This repository has been archived by the owner on Sep 24, 2022. It is now read-only.

Code sample in the manual leads to cross-site-scripting vulnerability #25

Closed
tonylampada opened this issue Sep 5, 2012 · 2 comments

Comments

@tonylampada

I used the example below on FreedomSponsors (Have you seen it already? It's pretty cool! hehe), and I found a cross-site-scripting vulnerability on it.

http://misaka.61924.nl/manual/#toc_15

When I add a code block by indentation, like the one below, it will actually execute the JavaScript code instead of displaying it on screen.

    <script>
    alert(document);
    </script>

This is how I fixed it in FS. Please consider updating the documentation to use that strategy (or maybe something better) instead of the current one.
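
The behaviour reported above, as an added example that is not part of the original post and not code from the Misaka manual: a code-block renderer hook that interpolates the block text raw, beside one that HTML-escapes it. The hook name and signature (`block_code(text, lang)`), the helper names and the sample document are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed input: the indented code block from the report, inside a Markdown document.
SAMPLE = "Example:\n\n    <script>\n    alert(document);\n    </script>\n"

def indented_code(markdown):
    """Minimal stand-in for a Markdown parser: collect the 4-space indented lines."""
    return "\n".join(l[4:] for l in markdown.splitlines() if l.startswith("    "))

def block_code_unsafe(text, lang=None):
    # Hypothetical renderer hook: raw interpolation, so markup in the block stays live.
    return "<pre><code>%s</code></pre>" % text.strip()

def block_code_safe(text, lang=None):
    # Same hook with the block body (and the language label) HTML-escaped.
    attr = ' class="language-%s"' % html.escape(lang, quote=True) if lang else ""
    return "<pre><code%s>%s</code></pre>" % (attr, html.escape(text.strip(), quote=True))

class TagCollector(HTMLParser):
    """Records every start tag an HTML parser sees in the rendered output."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def live_tags(rendered):
    """Return the element names present as real markup (not as escaped text)."""
    parser = TagCollector()
    parser.feed(rendered)
    parser.close()
    return parser.tags

if __name__ == "__main__":
    code = indented_code(SAMPLE)
    for hook in (block_code_unsafe, block_code_safe):
        out = hook(code)
        print(hook.__name__, live_tags(out), repr(out))
```

A check like `live_tags` works as a regression test for any renderer hook: user-supplied code blocks should never add element names beyond the wrapper tags the hook itself emits.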

@FSX
Owner

FSX commented Sep 5, 2012

Thanks, good catch! Will look at it when I get home.

@tonylampada
Author

No, thank you man. This Misaka thing just rocks :-)
