Critical: HTML injection attack possible through search context generation #94

Closed
sbrl opened this issue Aug 19, 2016 · 1 comment
Owner

sbrl commented Aug 19, 2016

Upon inspection, it looks like it's possible to inject arbitrary HTML into a user's browser through the search results. We should escape the generated search context before it is displayed.

@sbrl sbrl added bug Squash it quick! critical It's a nasty one. Area: Code It's got something to do with code labels Aug 19, 2016
@sbrl sbrl added this to the v0.12.1 milestone Aug 19, 2016
@sbrl sbrl changed the title Critical: HTML injection attack possible through search context Critical: HTML injection attack possible through search context generation Aug 19, 2016
@sbrl sbrl closed this as completed Aug 19, 2016
Owner Author

sbrl commented Aug 19, 2016

Fixed.

@sbrl sbrl added the fixed It's fixed! label Aug 19, 2016
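An added example, not code from this project or from the issue: a search-context generator in Python showing the unescaped shape the issue describes next to a version that escapes the context before it is displayed. The function names, the `radius` parameter and the sample page text are assumptions constructed for illustration.

```python
import html
import re

# Constructed sample: wiki page text that happens to contain markup.
PAGE = ("Wiki page about templates <script>alert(1)</script> "
        "and more on templates & escaping.")


def unsafe_context(source: str, query: str, radius: int = 30) -> str:
    """Vulnerable shape: a slice of raw page text is returned as result HTML."""
    pos = source.lower().find(query.lower())
    if pos < 0:
        return ""
    return source[max(0, pos - radius):pos + len(query) + radius]


def safe_context(source: str, query: str, radius: int = 30) -> str:
    """Build the context from raw text, escape each piece, then add markup.

    Matching and slicing happen on the raw text so a slice can never cut an
    entity such as "&lt;" in half; the only unescaped HTML in the output is
    the <strong> highlight added here.
    """
    if not query:
        return ""
    pattern = re.compile("(" + re.escape(query) + ")", re.IGNORECASE)
    first = pattern.search(source)
    if first is None:
        return ""
    start = max(0, first.start() - radius)
    end = min(len(source), first.end() + radius)
    # With one capturing group, split() alternates: text, match, text, ...
    pieces = pattern.split(source[start:end])
    out = []
    for i, piece in enumerate(pieces):
        text = html.escape(piece, quote=True)
        out.append(f"<strong>{text}</strong>" if i % 2 else text)
    return "".join(out)


if __name__ == "__main__":
    print("unsafe:", unsafe_context(PAGE, "templates"))
    print("safe:  ", safe_context(PAGE, "templates"))
```
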