```python
from flask import request


def query_string():
    """Returns a sanitized query string."""
    rejected_keys = [
        'space_id',
        'delivery_token',
        'preview_token',
        'editorial_features'
    ]
    # Drop the keys that must not be echoed back.
    args = {k: v for k, v
            in request.args.items()
            if k not in rejected_keys}
    if not args:
        return ''
    # Remaining keys and values are joined as-is, with no URL-encoding.
    return '?{0}'.format(
        '&'.join(
            '{0}={1}'.format(k, v) for k, v
            in args.items()
        )
    )
```
Hi Team,
I found a reflected XSS vulnerability.
routes/base.py
Proof of concept:
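For comparison, an added example (not part of the original report or the project's code) that puts the formatting used in `query_string()` beside a percent-encoded variant built with `urllib.parse.urlencode`. The function names and `SAMPLE_ARGS` are hypothetical, the input is constructed, and it is an assumption that the returned string ends up in rendered HTML, since the page does not show the call sites.

```python
from urllib.parse import urlencode

# Keys that the page's query_string() already strips.
REJECTED_KEYS = frozenset({
    'space_id', 'delivery_token', 'preview_token', 'editorial_features',
})


def raw_query_string(args):
    """Same formatting as the page's query_string(): no encoding at all."""
    kept = {k: v for k, v in args.items() if k not in REJECTED_KEYS}
    if not kept:
        return ''
    return '?' + '&'.join('{0}={1}'.format(k, v) for k, v in kept.items())


def encoded_query_string(args):
    """Hardened variant: percent-encode every key and value."""
    kept = [(k, v) for k, v in args.items() if k not in REJECTED_KEYS]
    if not kept:
        return ''
    # urlencode() runs quote_plus() on each key and value, so quotes and
    # angle brackets become %XX escapes and cannot close the attribute or
    # element that the string is later written into.
    return '?' + urlencode(kept)


def has_markup_chars(s):
    """True if s still contains characters that can break out of HTML."""
    return any(c in s for c in '"\'<>')


# Constructed sample input standing in for request.args.
SAMPLE_ARGS = {
    'locale': 'en-US"><b>injected</b>',
    'q': 'two words',
    'delivery_token': 'constructed-secret',
}

if __name__ == '__main__':
    print(raw_query_string(SAMPLE_ARGS))      # markup passes through verbatim
    print(encoded_query_string(SAMPLE_ARGS))  # markup is percent-encoded
```

Template autoescaping is still needed wherever the string is written into HTML, because the `&` separators between parameters remain literal.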