XSS #3

Open
httpnotonly opened this issue May 8, 2019 · 2 comments

@httpnotonly

commented May 8, 2019

imageFile = Utils.DecodeBase64(path);

@httpnotonly

Author

commented May 8, 2019

POST base64(payload) -> XSS

@ninianne98

Owner

commented May 8, 2019

This is within an authenticated admin area vs a publicly facing api, and only provides metadata storage on a per filename basis, and would not be returned except through said image URI being included in a gallery being presented back to the UI. Though all the same, blocking certain file patterns to prevent undesirable file data is not unreasonable.

@ninianne98 ninianne98 self-assigned this May 8, 2019
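
One way to implement the file-pattern blocking mentioned in the owner's reply, combined with HTML-encoding the stored metadata where the gallery renders it. This is an added example, not the project's code: `ImagePathGuard`, its methods, the extension allowlist and the sample paths are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Text;

// Added example: every name in this class is hypothetical, not taken from the project.
public static class ImagePathGuard
{
    // Assumption: the gallery only needs these image types.
    private static readonly HashSet<string> AllowedExtensions =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { ".jpg", ".jpeg", ".png", ".gif" };

    // Decodes the posted base64 value and accepts it only if it looks like a plain image path.
    public static bool TryDecodeImagePath(string encoded, out string imagePath)
    {
        imagePath = null;
        if (string.IsNullOrEmpty(encoded)) return false;
        string decoded;
        try { decoded = new UTF8Encoding(false, true).GetString(Convert.FromBase64String(encoded)); }
        catch (FormatException) { return false; }    // not valid base64
        catch (ArgumentException) { return false; }  // bytes are not valid UTF-8

        // Reject control characters and HTML/attribute metacharacters outright.
        foreach (char c in decoded)
            if (char.IsControl(c) || "<>\"'&`|".IndexOf(c) >= 0) return false;
        if (decoded.Contains("..")) return false;     // no parent-directory segments

        // The text after the last dot must be an allowed image extension.
        int dot = decoded.LastIndexOf('.');
        string ext = dot >= 0 ? decoded.Substring(dot) : string.Empty;
        if (!AllowedExtensions.Contains(ext)) return false;
        imagePath = decoded;
        return true;
    }

    // Encode stored per-file metadata at the point it is written into gallery HTML.
    public static string ForHtml(string storedMetadata)
    {
        return WebUtility.HtmlEncode(storedMetadata ?? string.Empty);
    }

    public static void Main()
    {
        // Constructed sample paths, base64-encoded the way the issue describes the POST.
        string[] samples = { "/images/cat.png", "/images/x.png\"><b>", "/images/notes.aspx" };
        foreach (string s in samples)
        {
            string path;
            string posted = Convert.ToBase64String(Encoding.UTF8.GetBytes(s));
            bool ok = TryDecodeImagePath(posted, out path);
            Console.WriteLine("{0} -> {1}", ForHtml(s), ok ? "accepted" : "rejected");
        }
    }
}
```

Input validation narrows what can be stored, but the encoding in `ForHtml` is what keeps already-stored values from being interpreted as markup when a gallery is rendered.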
