-
## What is missing or needs to be updated?
Modern browsers generally ignore `javascript:` in `` `src` attributes. Most of the examples listed which would execute javascript within an `` `src` attri…
-
While working on #6487, I stumbled upon a few problems:
1. `theme_icon()` was not allowing the use of `` elements in SVGs (they were being stripped out), while it was for example allowing ``, ``, `` …
-
I have more research to do on this issue--I'm not sure if cross-site scripting is even possible on my site (yet), but, where there's a will there's a way.
-
```
put a Filtering class that validates/sanitises data input
```
Original issue reported on code.google.com by `anast...@gmail.com` on 25 Jan 2012 at 6:15
-
When pasting an npub string into the chat box, the entire app freezes and requires exit and restart.
It's probably due to the XSS filter, but it should fail gracefully, not freeze up.
-
When using the code editors I typically experience XSS filters that prevent me from submitting. These are either browser reflected XSS filters or Apache mod_sec.
Avoiding these can be done via ajax s…