
Fix possible XSS issues #365

Merged: 3 commits merged on Oct 19, 2021

Conversation

sonic182 (Contributor)

@sonic182 sonic182 commented Oct 15, 2021

  • force_ssl default true, but optional by env var (XSS security)
  • dummy fix for migrations, so new migrations can be done
  • Validate address fields to avoid saving HTML tags; this way it is not possible to do XSS when displaying bills

@sonic182 changed the title from "[BK-666] the evil number" to "Fix ssl in prod, to avoid XSS" on Oct 15, 2021
@sonic182 changed the title from "Fix ssl in prod, to avoid XSS" to "Fix possible XSS issues" on Oct 18, 2021

sonic182 (Contributor, Author)

@peillis @agutierrezrodriguez added validation for address fields (the only field that gets `html_safe`, so XSS is possible without this PR)
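The stored-XSS pattern this PR closes is: a free-text field is persisted unchecked, and the bill view later marks it `html_safe` (typically to turn newlines into `<br>`), so any tag the user typed is rendered as markup. The block below is an added example, not Siwapp's own code: a plain-Ruby stand-in for an ActiveRecord model (the `Customer` class, the `invoicing_address`/`shipping_address` field names and the `render_address` helper are all hypothetical) that shows the PR's approach of rejecting values containing HTML tags at validation time, paired with the rendering-side rule of escaping first and only then adding the markup the view itself controls.

```ruby
require 'erb'

# Any "<...>" sequence counts as a tag. Deliberately broad: an address
# never legitimately needs angle brackets, so false positives are cheap
# and a bypass via a malformed tag is not.
HTML_TAG = /<[^>]*>/

# Hypothetical model standing in for an ActiveRecord class. Only the
# parts relevant to the validation are modelled.
class Customer
  ADDRESS_FIELDS = %i[invoicing_address shipping_address].freeze

  attr_reader :errors
  attr_accessor(*ADDRESS_FIELDS)

  def initialize(**attrs)
    @errors = {}
    attrs.each { |name, value| public_send("#{name}=", value) }
  end

  # Mirrors a Rails validation: every address field must be free of HTML
  # tags, otherwise the record is rejected before it is saved.
  def valid?
    @errors = {}
    ADDRESS_FIELDS.each do |field|
      value = public_send(field)
      next if value.nil?
      @errors[field] = 'must not contain HTML tags' if value.match?(HTML_TAG)
    end
    @errors.empty?
  end
end

# Rendering side. The bill view wants line breaks, which is why the value
# ends up html_safe at all. Escape the user text first, then add the <br>
# that the view controls; the result is safe to mark html_safe in Rails.
def render_address(text)
  ERB::Util.html_escape(text).gsub("\n", '<br>')
end

if __FILE__ == $PROGRAM_NAME
  ok = Customer.new(invoicing_address: "1 Main St\nSpringfield")
  puts "clean record valid? #{ok.valid?}"                    # true
  bad = Customer.new(shipping_address: '<script>alert(1)</script>')
  puts "tagged record valid? #{bad.valid?} #{bad.errors}"    # false
  puts render_address("<b>Acme</b>\nPO Box 1")                # escaped, with <br>
end
```

The validation is the primary control (it keeps the payload out of the database and out of PDFs, e-mails and any other renderer), while escape-then-mark-safe is the defence in depth that keeps a view correct even for rows written before the validation existed.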

@sonic182 sonic182 merged commit 924d160 into siwapp:master Oct 19, 2021
1 check passed
@sonic182 sonic182 deleted the BK-666 branch October 19, 2021 09:07
2 participants