MaltegoTech / maltego-trx

Maltego Transform library for Python
MIT License
218 stars, 45 forks

sanitize message data to avoid issues with special characters in messages #20

Closed. pugilist closed this 3 years ago

pugilist commented 3 years ago

Message data returned to the Maltego client is not sanitized. This creates issues when these responses contain special characters. It seems that this issue can be mitigated simply by escaping the data prior to returning it to the client like so.

There may be additional changes required here (e.g. updates to the client), but realistically, all data being passed between client and server should be sanitized to avoid issues. The escape/unescape functions (https://docs.python.org/3/library/xml.sax.utils.html#xml.sax.saxutils.escape and https://docs.python.org/3/library/xml.sax.utils.html#xml.sax.saxutils.unescape) should accomplish that.
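
The following is an added example, not code from the pull request or from maltego-trx itself, showing why unescaped values are more than a cosmetic problem in an XML response. It uses a simplified stand-in for the Maltego transform response format (the element names are an assumption for this example, not the library's serializer); `build_response` is a hypothetical helper. A value that merely contains `&` makes the response unparseable, and a value that an attacker controls (a DNS TXT record, a page title, a WHOIS field) can close the `<Value>` element and inject an extra entity into the graph. Escaping with `xml.sax.saxutils.escape` for text content and `quoteattr` for attribute values keeps the value as data. Note the caveat: `escape()` only handles `&`, `<` and `>`, so attribute values need `quoteattr()` (or `escape(value, {'"': '&quot;'})`) as well.

```python
from xml.sax.saxutils import escape, quoteattr
import xml.etree.ElementTree as ET


def build_response(entity_type, value, message, sanitize):
    """Build a simplified transform response (assumed format, not maltego-trx's).

    With sanitize=False the strings are interpolated raw, which is the
    behaviour the pull request complains about; with sanitize=True text
    content goes through escape() and the attribute through quoteattr().
    """
    if sanitize:
        # quoteattr() escapes &, <, > and quotes, and returns the value
        # already wrapped in quotes, so it can be dropped straight in.
        type_attr = quoteattr(entity_type)
        value = escape(value)
        message = escape(message)
    else:
        type_attr = '"%s"' % entity_type
    return (
        "<MaltegoMessage><MaltegoTransformResponseMessage>"
        "<Entities><Entity Type=%s><Value>%s</Value></Entity></Entities>"
        '<UIMessages><UIMessage MessageType="Inform">%s</UIMessage></UIMessages>'
        "</MaltegoTransformResponseMessage></MaltegoMessage>"
    ) % (type_attr, value, message)


def parse_entities(xml_text):
    """Parse the response the way a client would.

    Returns a list of (type, value) tuples, or None if the XML is malformed.
    """
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    return [(e.get("Type"), e.findtext("Value")) for e in root.iter("Entity")]


# Constructed sample values: one that is merely awkward, one that is hostile.
BENIGN = "AT&T <corp>"
INJECTED = 'x</Value></Entity><Entity Type="maltego.Phrase"><Value>injected'


if __name__ == "__main__":
    for label, val in (("benign", BENIGN), ("injected", INJECTED)):
        raw = parse_entities(build_response("maltego.Phrase", val, "ok", sanitize=False))
        safe = parse_entities(build_response("maltego.Phrase", val, "ok", sanitize=True))
        print("%-8s raw=%r" % (label, raw))
        print("%-8s escaped=%r" % (label, safe))
```

Run stand-alone, the benign value produces `None` (a parse error) unsanitized and a single entity once escaped; the hostile value produces two entities unsanitized and exactly one, holding the original string verbatim, once escaped. The same reasoning applies in the other direction: request fields coming from the client should be `unescape`d once, after parsing, not string-matched in their raw form.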

felixatmaltego commented 3 years ago

Changed base to branch registry. Will be merged into master in future release.