This repository has been archived by the owner on Apr 3, 2023. It is now read-only.

Escape HTML in messages extracted from Validator NU output #212

Merged
merged 1 commit into from Jun 3, 2021

Conversation

dontcallmedom
Member

Fix XSS risk

@jean-gui I haven't tested it and am light years away from being in a position to test it, so your help in verifying this fixes the bug and in deploying it if it does would be greatly appreciated.

@echo0x00

echo0x00 commented Jun 2, 2021

@dontcallmedom @jean-gui I was the one who reported the vulnerability. I'm sorry if my words are inappropriate. But I was unable to deploy the unicorn and check the suggested edits. Everything worked perfectly; XSS on my payloads is no longer observed. HTML is escaped. You can check it here: http://80.211.182.47:8081/unicorn/

@dontcallmedom
Member Author

@savproga many thanks for verifying the patch! I'll work with @jean-gui in getting it deployed then.

@dontcallmedom dontcallmedom merged commit 51f75c3 into master Jun 3, 2021
@dontcallmedom dontcallmedom deleted the nu-xss branch June 3, 2021 06:37