XSS in default views #969
simkim added a commit to simkim/doorkeeper that referenced this issue on May 25, 2017:
The client name is not escaped

dmitrytrager pushed a commit to earlymarket/doorkeeper that referenced this issue on Jun 9, 2017:
The client name is not escaped

pimpin pushed a commit to teezily/doorkeeper that referenced this issue on Nov 27, 2018:
The client name is not escaped

AaronBroadIntrohive pushed a commit to AaronBroadIntrohive/doorkeeper that referenced this issue on May 14, 2019:
The client name is not escaped
Default authorization and application views use the "raw" function, which inevitably leads to an XSS issue:
doorkeeper/app/views/doorkeeper/authorizations/new.html.erb, line 7 in 14c9ed1
doorkeeper/app/views/doorkeeper/applications/_form.html.erb, line 24 in 14c9ed1
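
The difference between `raw` output and escaped output of a client name, plus a small audit check for view files, as an added example that is not part of the issue or of Doorkeeper's code. It uses Ruby's standard-library ERB; the templates, the sample name, the `raw` stand-in and the helper names `render_view` and `unescaped_outputs` are assumptions made for illustration.

```ruby
require "erb"

# Stand-in for Rails' `raw` helper (assumption: plain ERB does not auto-escape,
# so returning the string unchanged models what `raw` does in a Rails view).
def raw(value)
  value.to_s
end

# Constructed templates; these are not the contents of Doorkeeper's views.
VULNERABLE_VIEW = "<p>Authorize <%= raw(client_name) %> to use your account?</p>\n"
ESCAPED_VIEW    = "<p>Authorize <%= ERB::Util.html_escape(client_name) %> to use your account?</p>\n"

# Constructed sample: an application name that contains markup.
SAMPLE_NAME = "Acme <script>alert(1)</script>"

# Render a template with `client_name` available as a local variable.
def render_view(template, client_name)
  ERB.new(template).result(binding)
end

# Audit helper: 1-based line numbers of ERB output tags (<%= ... %>) whose
# expression bypasses escaping through `raw` or `.html_safe`.
def unescaped_outputs(source)
  flagged = source.each_line.with_index(1).select do |line, _number|
    line.scan(/<%=(.*?)%>/).flatten.any? { |expr| expr =~ /\braw\b|\.html_safe\b/ }
  end
  flagged.map { |_line, number| number }
end

if __FILE__ == $PROGRAM_NAME
  puts render_view(VULNERABLE_VIEW, SAMPLE_NAME) # markup reaches the page as-is
  puts render_view(ESCAPED_VIEW, SAMPLE_NAME)    # markup is shown as text
  puts "unescaped output on lines: #{unescaped_outputs(VULNERABLE_VIEW).inspect}"
end
```

In a Rails view the escaped form is simply `<%= ... %>` without `raw`, since Rails escapes strings that are not marked `html_safe`.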