[Security] Stored XSS in account name #52
Comments
Don't rely on these naive solutions; there are specific libraries to sanitize input. You can use symbols in input fields, but they will simply be rendered as pure text and not HTML.

You're right. Thank you so much... I'm trying different solutions thanks to your observation... :)

@edoardottt fixed b6a128a.

Tested version: b80b09d (latest)
Steps to reproduce the vulnerability:
"><img src=x onerror=alert(document.domain)> as account name and save.
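Added example (not part of the issue thread and not the project's code): the reported account name rendered through a hypothetical naive filter and then through output encoding, which is the "rendered as pure text" behaviour recommended in the comments. `naiveFilter`, `renderAccount`, `tagNames` and the template markup are assumptions made for illustration, and `escapeHtml` is a minimal stand-in for a maintained encoding library or a template engine's auto-escaping.

```javascript
// Account name from the issue's reproduction step.
const PAYLOAD = '"><img src=x onerror=alert(document.domain)>';

// Hypothetical naive filter: removes <script> blocks and nothing else.
function naiveFilter(input) {
  return input.replace(/<script\b[^>]*>[\s\S]*?<\/script>/gi, '');
}

// Output encoding for HTML text nodes and quoted attribute values.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hypothetical template: the stored name lands in a quoted attribute
// and in a text node, the two places an account name usually appears.
function renderAccount(name, encode) {
  const v = encode(name);
  return `<input name="account" value="${v}"><span class="account">${v}</span>`;
}

// Names of the elements a parser would open in the rendered markup.
// The template itself only ever opens "input" and "span".
function tagNames(html) {
  return (html.match(/<[a-zA-Z][^\s>]*/g) || []).map((t) => t.slice(1).toLowerCase());
}

// The naive filter leaves the payload untouched, so it closes the value
// attribute and adds an <img> element with an event handler.
console.log(tagNames(renderAccount(PAYLOAD, naiveFilter)));

// With encoding, the same name stays inside the attribute and the text node.
console.log(tagNames(renderAccount(PAYLOAD, escapeHtml)));

// Symbols in a legitimate name are preserved as text, not rejected.
console.log(escapeHtml('Tom & "Jerry" <savings>'));
```

When the page is built in the browser, assigning the name through `textContent` or `setAttribute` gives the same result without hand-written escaping.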