Improve input field sanitization in oik admin pages #125

Open
bobbingwide opened this Issue Mar 5, 2019 · 0 comments

bobbingwide commented Mar 5, 2019

In the oik admin pages it's possible for an unscrupulous user to create cross-site scripting (XSS) issues. This can be demonstrated by pasting the following into the input fields.

"><script>alert( "XSS")</script>

It's not something a normal admin person would do, but we should try to prevent it anyway.

Functions to use to perform validation include sanitize_text_field(), sanitize_key(), sanitize_email() and esc_url_raw().

Note: Inadvertent entry of "> alone may be enough to cause display problems which cannot be corrected.
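The pattern the issue asks for, written out as an added example (this is not oik's code): each admin field gets the WordPress sanitizer matching its expected type on save, and the stored value is escaped again for the HTML attribute context on output, so a stored `">` cannot break out of the input tag. It assumes it runs inside WordPress, where these functions are defined; the option name, field keys and nonce action are hypothetical.

```php
<?php
// Added example, not oik plugin code. Assumes WordPress is loaded.
// Hypothetical option name used for illustration only.
const OIK_EXAMPLE_OPTION = 'oik_example_settings';

/**
 * Sanitize the raw submitted array before it is stored. Each field gets the
 * sanitizer that matches its expected type, so a value such as
 *   "><script>alert( "XSS")</script>
 * is reduced to plain text instead of surviving intact.
 */
function oik_example_sanitize_settings( array $raw ) {
    return array(
        // Free text: strips tags, invalid UTF-8, line breaks and extra whitespace.
        'label'    => sanitize_text_field( $raw['label'] ?? '' ),
        // Internal identifier: lowercase a-z, 0-9, '-' and '_' only.
        'slug'     => sanitize_key( $raw['slug'] ?? '' ),
        // Email address: removes characters not permitted in an address.
        'email'    => sanitize_email( $raw['email'] ?? '' ),
        // URL for storage: rejects disallowed protocols such as javascript:.
        'homepage' => esc_url_raw( $raw['homepage'] ?? '' ),
    );
}

/**
 * Save handler: check capability and nonce, sanitize, then store.
 * 'oik_example_save' is a hypothetical nonce action name.
 */
function oik_example_save_settings() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    check_admin_referer( 'oik_example_save' );
    $clean = oik_example_sanitize_settings( wp_unslash( $_POST ) );
    update_option( OIK_EXAMPLE_OPTION, $clean );
}

/**
 * Render one field. Sanitizing on input is not sufficient on its own:
 * escape for the attribute context on output as well, so even a stored
 * stray "> (see the note above) cannot terminate the value attribute.
 */
function oik_example_render_field( $key ) {
    $settings = get_option( OIK_EXAMPLE_OPTION, array() );
    $value    = $settings[ $key ] ?? '';
    printf(
        '<input type="text" name="%1$s" id="%1$s" value="%2$s" />',
        esc_attr( $key ),
        esc_attr( $value )
    );
}
```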
