Dumb XSS hole #2
Labels: bug
simonw added a commit to simonw/latest-datasette-with-all-plugins that referenced this issue on Aug 9, 2021
Fix for security issue in simonw/datasette-query-links#2
I'm going to delete the 0.1 release from PyPI just to make absolutely sure no-one ever installs it by accident.
I chose to "delete" rather than "yank" because I'm confident no-one has pinned to version 0.1 of this library anywhere. https://blog.piwheels.org/new-features-deletion-yanking-and-more/
select 'select ''<script>alert(/ohno/)</script>'''
https://latest-with-plugins.datasette.io/fixtures?sql=select+%27select+%27%27%3Cscript%3Ealert%28%2Fohno%2F%29%3C%2Fscript%3E%27%27%27
Due to this code:
datasette-query-links/datasette_query_links/__init__.py
Line 36 in 060d385
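The pattern behind this report, as an added example that is not the plugin's own code (the referenced line is not shown on this page): a cell that looks like a SQL query is turned into a link, and the cell text reaches the HTML unescaped. The function names are hypothetical, and the standard library's `html.escape` stands in for whatever escaping the actual fix uses.

```python
import html
import sqlite3
from urllib.parse import urlencode

# The query from the issue; its single result cell is itself a SQL string.
ISSUE_QUERY = "select 'select ''<script>alert(/ohno/)</script>'''"


def cell_from_query(sql):
    """Run the query against an empty in-memory SQLite database, return the one cell."""
    conn = sqlite3.connect(":memory:")
    try:
        return conn.execute(sql).fetchone()[0]
    finally:
        conn.close()


def looks_like_select(value):
    # Hypothetical stand-in for the plugin's "does this cell hold a query?" check.
    return isinstance(value, str) and value.strip().lower().startswith("select")


def query_href(value, database):
    # urlencode percent-encodes the cell, so the URL part is not where the hole is.
    return "/{}?{}".format(database, urlencode({"sql": value}))


def render_link_unsafe(value, database="fixtures"):
    """Vulnerable pattern: cell text is placed in the link body without escaping."""
    return '<a href="{}">{}</a>'.format(query_href(value, database), value)


def render_link_safe(value, database="fixtures"):
    """Hardened form: escape both the attribute value and the visible text."""
    return '<a href="{}">{}</a>'.format(
        html.escape(query_href(value, database), quote=True),
        html.escape(value, quote=True),
    )


if __name__ == "__main__":
    cell = cell_from_query(ISSUE_QUERY)
    if looks_like_select(cell):
        print("unsafe:", render_link_unsafe(cell))
        print("safe:  ", render_link_safe(cell))
```
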