From cdc5824b8a270eb9d1d61cc8470e23b8929b1ec1 Mon Sep 17 00:00:00 2001
From: Mehul Mohan
Date: Thu, 26 Nov 2015 21:19:32 +0530
Subject: [PATCH] Parsed down the URL parameter which earlier allowed XSS on page

---
 demo/index.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/demo/index.php b/demo/index.php
index 6f84d44b..16e3ae14 100644
--- a/demo/index.php
+++ b/demo/index.php
@@ -6,6 +6,11 @@ function get($name, $default = '') {
+ if($name == 'url') {
+ if(filter_var($_GET['url'], FILTER_VALIDATE_URL)) {
+ return 'http://doNotTryToXSS.invalid';
+ }
+ }
 return isset($_GET[$name]) ? $_GET[$name] : $default;
 }
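Review bot: The added branch is inverted — a value that passes FILTER_VALIDATE_URL is thrown away in favour of the placeholder, while a value that fails it (which is exactly what a `"><script>…` payload does) drops through to the untouched `return isset($_GET[$name]) ? $_GET[$name] : $default;` line, so the XSS this commit claims to close is still reachable. The branch also reads `$_GET['url']` without an isset check, so a request without that parameter now raises a notice, and FILTER_VALIDATE_URL alone accepts non-http schemes such as `mailto:`, so a scheme allow-list is needed if the value is ever used as a link target. The branch should keep the validated value and fall back to `$default` otherwise, as below; independently of this, the place where `url` is echoed into the page (outside this hunk) still needs `htmlspecialchars($url, ENT_QUOTES, 'UTF-8')`, since input validation is not a substitute for output encoding.
```php
function get($name, $default = '') {
    if ($name == 'url') {
        $url = isset($_GET['url']) ? $_GET['url'] : '';
        // Accept only a syntactically valid http(s) URL; anything else
        // (including an XSS payload, which fails FILTER_VALIDATE_URL) yields the default.
        $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
        if (filter_var($url, FILTER_VALIDATE_URL) === false
            || !in_array($scheme, array('http', 'https'), true)) {
            return $default;
        }
        return $url;
    }
    // … unchanged: generic $_GET lookup …
}
```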