https://github.com/rohe/pyoidc/blob/master/src/oic/oic/provider.py#L1837
Because that line includes the user input in the BadRequest response, and does not sanitize the HTML before returning, this can be used to execute arbitrary JS.
Example Request
https://my-oidc-provider.com/authorization/?other_valid_parts&response_type=<script>alert("hi")%3B<%2Fscript>
You probably should at least `cgi.escape` in here https://github.com/rohe/pyoidc/blob/master/src/oic/utils/http_util.py#L52
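The reflected-XSS pattern the report describes, as an added example that is not pyoidc's code: a toy authorization endpoint (an assumption for illustration, not the project's handler) rejects an unsupported `response_type` with a 400 page that echoes the value. The unescaped variant reflects the injected `<script>` element verbatim; the hardened variant passes the message through `html.escape` first. The request URL is constructed here in the shape of the one in the report. `html.escape` is used rather than `cgi.escape` because `cgi.escape` only escaped quotes when asked (`quote=True`) and was removed from the standard library in Python 3.8.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed request in the shape of the one in the report: plausible client_id and
# redirect_uri, with the script payload injected into response_type.
ATTACK_URL = (
    "https://my-oidc-provider.com/authorization/"
    "?client_id=example-client&redirect_uri=https%3A%2F%2Fclient.example%2Fcb"
    "&response_type=<script>alert(\"hi\")%3B<%2Fscript>"
)

# Assumed set of response types the toy provider supports.
SUPPORTED_RESPONSE_TYPES = {"code", "id_token", "id_token token", "code id_token"}


def query_param(url, name):
    """Return the first value of a query parameter, URL-decoded as a server sees it."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def bad_request_unsafe(message):
    """The pattern the issue describes: a message that contains user input is
    interpolated into the HTML error body verbatim, so markup in it is live."""
    return "<html><body><h1>Bad Request</h1><p>%s</p></body></html>" % message


def bad_request_escaped(message):
    """Hardened form: HTML-escape the message before placing it in the body.
    quote=True also turns quotes into entities, so the value stays inert even
    if a template later puts it inside an attribute."""
    escaped = html.escape(message, quote=True)
    return "<html><body><h1>Bad Request</h1><p>%s</p></body></html>" % escaped


def authorization_endpoint(url, escape=True):
    """Toy authorization endpoint (assumption, not pyoidc's): unsupported
    response_type -> 400 with the offending value echoed in the page."""
    response_type = query_param(url, "response_type")
    if response_type in SUPPORTED_RESPONSE_TYPES:
        return 302, "redirect back to the client with an authorization code"
    message = "Unsupported response_type: %s" % response_type
    body = bad_request_escaped(message) if escape else bad_request_unsafe(message)
    return 400, body


def contains_live_script(body):
    """Crude check: does the rendered body contain an actual <script> element?"""
    return "<script>" in body.lower()


if __name__ == "__main__":
    for escape in (False, True):
        status, body = authorization_endpoint(ATTACK_URL, escape=escape)
        print(status, "escaped" if escape else "unescaped",
              "script reflected:", contains_live_script(body))
```

Escaping the message at the point it is written into the response body (the `http_util` helper in the report) rather than at each call site is the safer choice, because every error path that echoes a request parameter is then covered at once.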