Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix XSS in extension #21

Merged
merged 1 commit into from Nov 9, 2015
Merged

Fix XSS in extension #21

merged 1 commit into from Nov 9, 2015

Conversation

bawolff
Copy link
Contributor

@bawolff bawolff commented Oct 21, 2015

This extension did not escape its user-supplied input for the meta property tags

Example: {{#seo:article:publisher=foo"><script>alert('XSS')</script> <b f="}}

This sort of vulnerability could be leveraged to take over other user's accounts
and other evil things.

This extension did not escape its user-supplied input for the meta property tags

Example: {{#seo:article:publisher=foo"><script>alert('XSS')</script> <b f="}}

This sort of vulnerability could be leveraged to take over other user's accounts
and other evil things.
andru added a commit that referenced this pull request Nov 9, 2015
@andru andru merged commit a4d06c7 into tinymighty:master Nov 9, 2015
@andru
Copy link
Contributor

andru commented Nov 9, 2015

Ouch! Thanks for catching that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants