You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
An administrator can put incorrect input into the Site Title and create an irrecoverable crash in the wiki. Don't do this unless you have an easy way of getting into the source. This will make the wiki inoperable.
To Reproduce
Steps to reproduce the behavior:
Go to a Wiki's Dashboard
Click on General
Put some arbitrary HTML/JS as the Site Title value, e.g. "<script>console.log('hi')</script>" (quotes for emphasis, don't use)
Save the page
Refresh the page
See error on the page and in the console (see screenshots, below)
Expected behavior
Input should be sanitized
Screenshots
(any page on the wiki renders as...)
The text was updated successfully, but these errors were encountered:
Describe the bug
An administrator can put incorrect input into the Site Title and create an irrecoverable crash in the wiki. Don't do this unless you have an easy way of getting into the source. This will make the wiki inoperable.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Input should be sanitized
Screenshots
(any page on the wiki renders as...)
The text was updated successfully, but these errors were encountered: