Clean input values to prevent XSS vulnerability #4710
Staging branch URL: https://fix-xss-vulnerability.pfe-preview.zooniverse.org/
Fixes issue brought to our attention from an email to the security group. This must be tested in Firefox. I couldn't get the XSS vulnerability to trigger in Chrome.
The example project:
This PR adds sanitation to the value that is saved in the project builder so it prevents this from happening in the future. If you make a new project and try to save
Required Manual Testing