XSS attack <script>console.warm('pwned')</script> #21

marcoscaceres · 2012-11-13T12:52:30Z

Because we were not sanitizing the titles of Github bugs, we left ourselves open to a XSS attack. @marcoscaceres tried to fix this with:

htmlspecialchars($var, ENT_QUOTES, 'UTF-8').

But he is no PHP security expert.

marcoscaceres · 2012-11-13T12:54:13Z

Need to fix this ASAP

marcoscaceres · 2012-11-13T13:26:02Z

Ok, I think I fixed it with: htmlspecialchars($var, ENT_QUOTES, 'UTF-8').

However, need security review.

marcoscaceres · 2012-11-13T13:27:13Z

testing again

marcoscaceres · 2012-11-13T13:41:05Z

Seems ok now, but would really like a proper review. Maybe @attiks can do it or knows someone? The file in question is: https://github.com/ResponsiveImagesCG/responsiveimages.org/blob/master/issues.php#L86 (print_issues() function)

attiks · 2012-11-13T15:07:41Z

did you push the latest changes?

marcoscaceres · 2012-11-13T15:09:04Z

ah, my bad. I did not. I only pushed to the website... pushing now.

marcoscaceres · 2012-11-13T15:09:54Z

attiks · 2012-11-13T15:17:02Z

That should do it.

marcoscaceres closed this as completed Nov 13, 2012

marcoscaceres reopened this Nov 13, 2012

attiks closed this as completed Nov 13, 2012

Provide feedback