Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security issue: map data is not being sanitised properly #240

Closed
ScottNZ opened this issue Nov 2, 2014 · 2 comments
Closed

Security issue: map data is not being sanitised properly #240

ScottNZ opened this issue Nov 2, 2014 · 2 comments
Labels
bug security

Comments

@ScottNZ
Copy link

ScottNZ commented Nov 2, 2014

e.g. upload a map with title: <script>alert("lol test")</script>, visit the page for it on the resources site and click 'show yaml' which will execute the script.
This is a pretty major security issue.
@Mailaender
Copy link
Member

See also OpenRA/OpenRAWeb#169.

@ihptru
Copy link
Contributor

ihptru commented Nov 2, 2014

note for me: from django.utils.html import escape

ihptru added a commit to ihptru/OpenRA-Resources that referenced this issue Nov 3, 2014
@ihptru
closes OpenRA#240; and OpenRA#235
5495370
@ihptru ihptru closed this as completed Nov 3, 2014
This was referenced Nov 3, 2014
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Mailaender @ihptru @ScottNZ