Critical: HTML injection attack possible through search context generation #94
Labels: Area: Code, bug, critical, fixed
Upon inspection, it looks like it's possible to inject arbitrary HTML into a user's browser through the search results. We should escape the generated search context before it is displayed.
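The bug class and the fix the issue asks for, as an added example that is not the project's own code: a search-context (snippet) generator in an unescaped form and in an escaped form. The function names, the `<mark>` highlight tag, the `radius` parameter and the sample text are assumptions made for illustration.

```python
import html
import re

def _window(text, query, radius):
    """Split raw text into (before, hit, after) around the first match."""
    m = re.search(re.escape(query), text, re.IGNORECASE)
    if m is None:
        return text[:2 * radius], "", ""
    start = max(0, m.start() - radius)
    end = min(len(text), m.end() + radius)
    return text[start:m.start()], m.group(0), text[m.end():end]

def unsafe_context(text, query, radius=30):
    """Bug class from the issue: indexed text reaches the page unescaped."""
    before, hit, after = _window(text, query, radius)
    return before + ("<mark>" + hit + "</mark>" if hit else "") + after

def safe_context(text, query, radius=30):
    """Escape every untrusted piece; only the <mark> pair added here is markup."""
    before, hit, after = _window(text, query, radius)
    # Truncate the raw text first and escape second, so the cut can never
    # land in the middle of an entity such as &lt;.
    marked = "<mark>" + html.escape(hit) + "</mark>" if hit else ""
    return html.escape(before) + marked + html.escape(after)

# Constructed sample: indexed content that happens to contain markup.
SAMPLE = "Release notes <script>alert(1)</script> for the search feature"

if __name__ == "__main__":
    print(unsafe_context(SAMPLE, "search", radius=40))
    print(safe_context(SAMPLE, "search", radius=40))
```

The escaped output is only safe as element content; a snippet placed inside an attribute or a script block needs the encoding for that context.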