Reflected XSS via `back` parameter #1
Hi, there is a reflected Cross-Site Scripting vulnerability via
I will suggest using something like Bleach:
Hey, it was a very minor issue, so thanks for the very quick response! Checking for the empty scheme is efficient in case of XSS here, but it still allows open redirect:
So something like this will still work:
But at this point I think that it's not worth the effort to fix it.
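
The gap discussed in this thread, as an added example that is not part of the original issue or the project's code: a scheme-only check on `back` stops `javascript:` URLs but still accepts scheme-relative targets, while a stricter check accepts only same-site paths. The function names and the sample URLs are hypothetical and constructed for illustration.

```python
import html
from urllib.parse import urlsplit


def scheme_only_check(back: str) -> bool:
    """The check described in the thread: accept any URL with an empty scheme."""
    return urlsplit(back).scheme == ""


def is_safe_back(back: str) -> bool:
    """Accept only same-site, path-absolute targets such as /items/3?page=2."""
    if not back:
        return False
    # Browsers drop tabs/newlines and treat "\" like "/", so reject both
    # before parsing; otherwise "/\host" parses as a path but leaves the site.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F or c == "\\" for c in back):
        return False
    # Must be rooted at "/" but must not be scheme-relative ("//host/...").
    if not back.startswith("/") or back.startswith("//"):
        return False
    try:
        parts = urlsplit(back)
    except ValueError:  # malformed input, e.g. a broken IPv6 literal
        return False
    return parts.scheme == "" and parts.netloc == ""


def resolve_back(back: str, default: str = "/") -> str:
    """Return the requested target when it is safe, else fall back to default."""
    return back if is_safe_back(back) else default


def render_back_link(back: str) -> str:
    """Validate the target, then escape it for use inside an HTML attribute."""
    target = html.escape(resolve_back(back), quote=True)
    return f'<a href="{target}">Back</a>'


if __name__ == "__main__":
    # Constructed sample inputs, not the payloads from the original report.
    for sample in ["/items/3?page=2", "javascript:alert(1)",
                   "//other.example/login", "/\\other.example",
                   "https://other.example/"]:
        print(f"{sample!r:28} scheme-only={scheme_only_check(sample)!s:5} "
              f"strict={is_safe_back(sample)}")
```

Validation and output escaping address different problems: the first decides where the link may point, the second keeps the value from breaking out of the `href` attribute.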