Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

js email validation freeze browser #1540

Closed
syky01 opened this issue Oct 9, 2015 · 3 comments

Comments

Projects
None yet
2 participants
@syky01
Copy link

commented Oct 9, 2015

Steps to reproduce:

$form = new Form;
$form->addText('email', 'Email:')
  ->addRule(Form::FILLED, 'Zadejte email')
  ->addRule(Form::EMAIL, 'Email nemá správný formát');
$form->addSubmit('send', 'Odeslat');
$this->template->form = $form;

paste to input, click to submit:
"><img src=x onerror=prompt(document.domain)>

result:
freeze browser tab

@dg

This comment has been minimized.

Copy link
Member

commented Oct 9, 2015

Which browser?

@syky01

This comment has been minimized.

Copy link
Author

commented Oct 9, 2015

Google Chrome 45.0.2454.101
Firefox 40.0.3
Internet explorer 11
(windows versions)

@syky01

This comment has been minimized.

Copy link
Author

commented Oct 9, 2015

Updated (freeze after validation) must click to submit

dg added a commit to nette/forms that referenced this issue Oct 9, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.