Background storage XSS #27
Comments
Sorry, this problem cannot be avoided for now; the article body must be rich text.
You can filter sensitive characters, or escape double quotes, single quotes and angle brackets to avoid XSS.
sanluan added a commit that referenced this issue on Nov 21, 2019
I just committed the code. The current solution is to flag contributed articles; for contributed articles that have not yet been reviewed, safe escaping is applied by default.

Many thanks for finding this bug.
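The two mitigations the maintainer describes above (escape quotes and angle brackets; render unreviewed contributions escaped by default) as an added Python example. This is not PublicCMS code; the `Submission` class, its `reviewed` flag and the sample body are assumptions made for the illustration.

```python
import html
from dataclasses import dataclass

# Constructed sample: a contributor's rich-text body carrying a script tag,
# the kind of input the "submit case" step in the report feeds to the admin
# review page.
SUBMITTED_BODY = '<p>Nice product</p><script>alert(1)</script>'


@dataclass
class Submission:
    body: str        # rich-text HTML as sent by the contributor
    reviewed: bool   # set only after an administrator has approved it


def escape_for_html(text: str) -> str:
    """Escape &, <, >, " and ' so the text renders as inert characters.

    html.escape with quote=True covers exactly the characters named in the
    maintainer's comment plus the ampersand, which must be escaped first so
    that already-escaped entities are not double-decoded by the browser.
    """
    return html.escape(text, quote=True)


def render_body(sub: Submission) -> str:
    """Emit rich text raw only once reviewed; unreviewed text is escaped.

    This makes the admin review list itself safe to open: whatever the
    contributor submitted is shown as text until a human has looked at it.
    """
    if sub.reviewed:
        return sub.body
    return escape_for_html(sub.body)


def render_review_list(subs: list[Submission]) -> str:
    """Build the HTML for an admin review page from pending submissions."""
    rows = [f"<li>{render_body(s)}</li>" for s in subs]
    return "<ul>" + "".join(rows) + "</ul>"


if __name__ == "__main__":
    pending = [Submission(SUBMITTED_BODY, reviewed=False)]
    print(render_review_list(pending))
```

Note that the review step still decides what reaches site visitors: approving an article leaves its markup intact, so the reviewer is the only control on what the public page runs.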
Background storage XSS

step 1: Submit a case at https://cms.publiccms.com/case.html
step 2: When the administrator reviews the submitted case, the XSS is triggered
[image: Click to trigger xss]