Closed jlbooker closed 6 years ago
In the check-out interface's JavaScript, we need to escape the text fields before echoing them.
For example, if a user begins the key code field with a ' (single quote) character, then the key code is output as:
var previous_key_code = ''BC3N083A-1';
Which causes a syntax error (and likely an XSS-scripting vulnerability).
This is probably true of all the text fields on that page.
:+1:
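One way to do the escaping the issue asks for, as an added example that is not the project's own code: the value is serialized as a JavaScript string literal instead of being pasted between quotes, and the characters that could end an inline `<script>` block are escaped as well. Node.js stands in for the server-side renderer here; the function names and every sample value except the key code quoted in the issue are assumptions.

```javascript
// Added example (not project code); all function names are hypothetical.

// Pattern described in the issue: the raw field value is pasted between quotes.
function renderNaive(keyCode) {
  return "var previous_key_code = '" + keyCode + "';";
}

// JSON.stringify escapes quotes, backslashes and control characters.
// These extra characters are escaped so the literal cannot close the
// surrounding <script> element or break older JavaScript parsers.
const UNSAFE_IN_SCRIPT = /[<>&\u2028\u2029]/g;

function toScriptLiteral(value) {
  return JSON.stringify(String(value)).replace(
    UNSAFE_IN_SCRIPT,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0")
  );
}

function renderEscaped(keyCode) {
  return "var previous_key_code = " + toScriptLiteral(keyCode) + ";";
}

// Test helper only: parse the rendered statement as a browser would
// and return the value the variable ends up holding.
function evaluate(statement) {
  return new Function(statement + " return previous_key_code;")();
}

// Run both renderers over sample field values and report what happens.
function checkSamples() {
  // First value is from the issue; the others are constructed.
  const samples = ["'BC3N083A-1", 'a"b\\c', "x</script>y"];
  return samples.map((input) => {
    let naive;
    try {
      naive = evaluate(renderNaive(input)) === input ? "ok" : "altered";
    } catch (err) {
      naive = err.name; // e.g. SyntaxError
    }
    const escaped = evaluate(renderEscaped(input)) === input ? "ok" : "altered";
    return { input, naive, escaped, rendered: renderEscaped(input) };
  });
}

console.log(checkSamples());
```
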