New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixed XSS Security Vulnerabilities and bug with mime types including '+'. #3

merged 1 commit into from Oct 15, 2017


None yet
2 participants

mvastola commented Aug 24, 2017


This comment has been minimized.


zzxiang commented Aug 25, 2017

MIME types including '+', such as image/svg+xml?

@zzxiang zzxiang self-requested a review Aug 25, 2017

@zzxiang zzxiang self-assigned this Aug 25, 2017


This comment has been minimized.


mvastola commented Aug 25, 2017

Yes. It'll guess the mime type right, but it'll replace the + with a space.
The bigger issue is potentially the XSS attack though. Add this path to any wordpress install to see what I mean.

@zzxiang zzxiang merged commit eda6cb3 into zzxiang:master Oct 15, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment