-
https://infosec.mozilla.org/guidelines/web_security#content-security-policy
CSP helps block XSS attacks by preventing the execution of unauthorized JavaScript or CSS inside an HTML page.
While …
-
`Base->clean()` doesn't [mitigate XSS/code injection attacks](https://github.com/bcosca/fatfree/blob/9cc485be8db3b2b9d7c1f098db24afd05e5259da/lib/base.php#L779-780) as it doesn't remove malicious tag …
Rayne updated
3 years ago
-
We should write a safe_echo() which is more or less the following:
``` php
function safe_echo($input) {
    // ENT_QUOTES also escapes single quotes, so the output is safe inside
    // single-quoted attributes; ENT_SUBSTITUTE replaces invalid UTF-8
    // instead of making htmlspecialchars() return an empty string.
    echo htmlspecialchars((string) $input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
```
All calls to echo() that aren't known to be saf…
-
- HTTPS should be implemented as a defense against man-in-the-middle attacks
- Investigate CSRF attack defenses
- CSRF check cheat sheet https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention…
-
As a user, I'd like to be able to add active web links to my cards
Implementation will likely relate to how #11 is implemented.
## ⚠️ Security Note
Implementing this incorrectly could open …
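The block below is an added example, not the project's code, that covers both the safe_echo() discussion earlier on this page and this card-link request: every user-supplied string is HTML-escaped on output, and a link only becomes active when its URL parses to an http: or https: scheme, so `javascript:` and `data:` URLs in a card fall back to inert text. `renderCardLink`, `safeHref` and `escapeHtml` are names chosen for this example; how cards are stored or rendered in the project (and the earlier #11 implementation it refers to) is not assumed.

```javascript
// Added example: escape-on-output plus a scheme allowlist for card links.
// escapeHtml, safeHref and renderCardLink are this example's own names.

// Same five characters PHP's htmlspecialchars() with ENT_QUOTES handles.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape for the HTML text and quoted-attribute contexts. Not sufficient for
// unquoted attributes, inline scripts or CSS; always quote attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, ch => ESCAPES[ch]);
}

// Return a normalised http(s) URL, or null for anything else. Parsing with
// the URL class lowercases the scheme and strips leading whitespace, so
// "JavaScript:" and " javascript:" variants are caught as well.
function safeHref(url) {
  let parsed;
  try {
    parsed = new URL(String(url));
  } catch {
    return null; // relative or malformed input: do not guess a scheme
  }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') return null;
  return parsed.href;
}

// Render one card link. Unsafe URLs degrade to the escaped label only, so
// the card still displays but nothing in it is clickable.
function renderCardLink(label, url) {
  const href = safeHref(url);
  if (href === null) return escapeHtml(label);
  return `<a href="${escapeHtml(href)}" target="_blank" rel="noopener noreferrer">` +
         `${escapeHtml(label)}</a>`;
}

module.exports = { escapeHtml, safeHref, renderCardLink };
```

If the project later wants `mailto:` links, add that scheme to the allowlist in `safeHref` deliberately rather than loosening the check to "anything but javascript:", since a denylist misses `data:`, `vbscript:` and future schemes.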
-
This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more.
This repository currently has no…
-
# Description of the Vulnerability
login.html
line 66
Storing sensitive information (like passwords) in localStorage.
Storing sensitive information like passwords in localStorage poses a signifi…
-
We already have a difference between what is allowed by default and what is truly blocked. A `foo` element is not allowed by default, but you could allow it as it's not an XSS risk. I.e., there's a ba…
-
Hello everyone,
I'm working on a final year project for my school. The project is a simple nginx reverse proxy with modsecurity and behind it a juice shop.
The problem is that modsecurity blocks sql…
-
Hi Elena,
Can you please edit our existing code so that it's protected against XSS attacks.
Thank you,
Sebastian