Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add HTML escaping for log content #6

Open
adrw opened this issue Oct 4, 2019 · 0 comments

Comments

@adrw
Copy link

commented Oct 4, 2019

Log content that contains HTML, CSS, or Javascript currently is rendered/executed and is an XSS attack vector and a CSS nuisance.

Fixing should be done with a trusted library

  • Lodash.escape: basic escaping
  • he: much more robust library that can handle additional escaping parameters

How to escape

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
1 participant
You can’t perform that action at this time.