XSS Injection #20
Comments
Hi, a quick fix is to set the
Hi, I'm the one who should thank you for the quick fix. But I saw this in the Markdown docs: https://pythonhosted.org/Markdown/reference.html#safe_mode
Is it the same thing you mentioned, or am I confused?
Hi, I was referring to the
But indeed this is related to the "safe_mode" of the Markdown Python module, which seems to be deprecated. This should be fixed inside the django-markdown module and not in django-machina. I plan to replace django-markdown with another solution in the next
Oh, understood! Thanks!
django-machina is vulnerable to XSS injection when a user creates a topic.
You just have to create or reply to a topic with:
<script>alert('hello');</script>
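The underlying problem is that the Markdown renderer passes raw HTML through to the page, and `safe_mode` (the Markdown option the thread mentions) is deprecated. The robust fix is to sanitize the rendered HTML against an allowlist before the template marks it safe. Below is an added example of such an allowlist sanitizer using only the Python standard library; it is not code from django-machina, django-markdown or Python-Markdown, and the tag and attribute allowlist is an assumption chosen for a forum post. It drops `<script>` (including its contents), strips event-handler attributes and `javascript:` links, and keeps the output well formed.

```python
"""Allowlist HTML sanitizer for rendered Markdown (added example, stdlib only).

Apply it to the HTML produced by the Markdown renderer before passing the
result to mark_safe(); the allowlist below is an assumption for this example.
"""
import re
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist: extend it to whatever markup the forum actually needs.
ALLOWED_TAGS = {"p", "br", "em", "strong", "code", "pre", "blockquote",
                "ul", "ol", "li", "a", "h1", "h2", "h3"}
ALLOWED_ATTRS = {"a": {"href", "title"}}
SAFE_URL_SCHEMES = {"http", "https", "mailto"}
VOID_TAGS = {"br"}
_CONTROL_CHARS = re.compile(r"[\x00-\x20\x7f]")


def _safe_url(value):
    """True if the URL is relative or uses an allowlisted scheme.

    Control characters and whitespace are removed first because browsers
    ignore them, so 'java\\tscript:' must be treated as 'javascript:'.
    """
    cleaned = _CONTROL_CHARS.sub("", value)
    scheme = urlparse(cleaned).scheme.lower()
    return scheme == "" or scheme in SAFE_URL_SCHEMES


class _Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.stack = []             # allowed tags currently open, to balance output
        self.dropping_text = False  # inside <script>/<style>: discard contents too

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.dropping_text = True
            return
        if tag not in ALLOWED_TAGS:
            return  # tag is removed; any text inside it is still kept (escaped)
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue  # drops onclick=, onerror=, style=, ...
            value = value or ""
            if name == "href" and not _safe_url(value):
                continue  # drops javascript:, data:, vbscript: links
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self.stack.append(tag)

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.dropping_text = False
            return
        if tag not in self.stack:
            return
        # Close everything opened after this tag so the output stays well formed.
        while self.stack:
            opened = self.stack.pop()
            self.out.append(f"</{opened}>")
            if opened == tag:
                break

    def handle_data(self, data):
        if not self.dropping_text:
            self.out.append(escape(data, quote=False))  # re-escape text content

    def handle_comment(self, data):
        pass  # comments (including IE conditional comments) are dropped

    def close(self):
        super().close()
        while self.stack:  # close tags the author left open
            self.out.append(f"</{self.stack.pop()}>")


def sanitize_html(html):
    """Return `html` reduced to the allowlisted tags and attributes."""
    parser = _Sanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed payloads, including the one from this issue.
    for payload in ["<p>hi</p><script>alert('hello');</script>",
                    '<img src=x onerror=alert(1)>',
                    '<a href="javascript:alert(1)">click</a>']:
        print(repr(payload), "->", repr(sanitize_html(payload)))
```

In a Django view or template filter this sits between the renderer and `mark_safe`, i.e. `mark_safe(sanitize_html(rendered))`; for production use a maintained sanitizer library (such as bleach or nh3) rather than a hand-rolled parser, but the allowlist approach is the same.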