2016 XSS issue on Wikipedia #225
Comments
I'm not sure about this, but... I looked over the research paper and I also checked the BOOTH. Talking about XSS, Django settings has
I read the paper, the version that is deployed still seems to be vulnerable:
@benadida ^ is this something you would accept a PR for? Is it okay to just block external URLs?
In particular, line 370 of
The XSS with
The Wikipedia article for Helios describes a 2016 XSS security issue and claims that "It is unclear if the vulnerability has been fixed as of 2019".
The issue is explained as such:
The citation is this 2016 article.
Has said issue been fixed, and if so, maybe it would be a good idea to update the Wikipedia page?