Encode backticks in XSS payloads

(fixes CTFd/CTFd#1293)
juice-shop · Mar 23, 2020 · 3d3a5cb · 3d3a5cb
1 parent d809bbd
commit 3d3a5cb
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/lib/generators/ctfd.js b/lib/generators/ctfd.js
@@ -7,6 +7,7 @@ const options = require('../options')
 function createCtfdExport (challenges, { insertHints, insertHintUrls, ctfKey }) {
   function insertChallenge (data, challenge) {
     const score = calculateScore(challenge.difficulty)
+    challenge.description = challenge.description.replace('`xss`', '&#x60;xss&#x60;')
     data.challenges.results.push(
       {
         id: challenge.id,