Location bar is not escaping the file name. #267

Open
ikarienator opened this Issue Mar 27, 2013 · 0 comments


It will cause problems if there are special chars in the file name.

For example, rename the file to `<div onclick="alert('pwnd');">nice.js` and you can have a clickable file name on the location bar. Similar tricks can cause automatic code execution.
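The behaviour reported above, shown next to an escaped rendering, as an added example that is not part of the original issue or the project's code. The renderer functions, the `crumb` class and the sample path are hypothetical; only the file name comes from the report.

```javascript
// Added example: hypothetical location-bar renderer, not the project's code.
// Constructed sample path; the last segment is the file name from the report.
const SAMPLE_PATH = ['src', 'lib', '<div onclick="alert(\'pwnd\');">nice.js'];

// Escape the five characters that are significant in HTML text and
// quoted attribute values.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Before: segments are concatenated into markup as-is, so a file name
// that contains a tag becomes a live element with its own event handlers.
function renderLocationBarUnsafe(segments) {
  return segments.map((s) => '<span class="crumb">' + s + '</span>').join(' / ');
}

// After: every segment is escaped, both as element text and inside the
// quoted title attribute.
function renderLocationBarSafe(segments) {
  return segments
    .map((s) => '<span class="crumb" title="' + escapeHtml(s) + '">' + escapeHtml(s) + '</span>')
    .join(' / ');
}

// Regression check: the only tags allowed in the rendered bar are the
// renderer's own <span class="crumb"> wrappers.
function containsForeignMarkup(html) {
  const tags = html.match(/<\/?[a-zA-Z][^>]*>/g) || [];
  const allowed = /^<span class="crumb"( title="[^"<>]*")?>$|^<\/span>$/;
  return tags.some((t) => !allowed.test(t));
}

console.log('unsafe:', containsForeignMarkup(renderLocationBarUnsafe(SAMPLE_PATH)));
console.log('safe:  ', containsForeignMarkup(renderLocationBarSafe(SAMPLE_PATH)));
```

When the bar is built with DOM calls instead of strings, assigning the segment to `textContent` gives the same result without a hand-written escaper.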
