MattHeard / Dendrite

Write an interactive adventure story with the rest of the world
MIT License

Check all JSPs for evaluated code which isn't escaped. #117

Closed MattHeard closed 10 years ago

MattHeard commented 10 years ago

For example:

<script>var AUTHOR_ID = "<%= view.getAuthorId() %>";</script>

Although this particular function call prevents basic injection, it could still be vulnerable.
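One way to close the gap described above, as an added example that is not Dendrite's own code: escape the value for the JavaScript string-literal context before it lands inside the inline script block. The class and method names (JsStringEscaper, escapeForJsString, renderAuthorIdScript) are hypothetical.

```java
// Added example (not Dendrite's code): escaping a server-side value for a
// JavaScript string literal inside an inline <script> block, the context of
// the JSP expression in this issue. Every character outside [A-Za-z0-9] is
// encoded as \xHH (or \uHHHH above 0xFF). This also neutralises "</script>",
// which the HTML parser would otherwise treat as the end of the script block
// no matter how the JavaScript string is quoted.
public final class JsStringEscaper {

    private JsStringEscaper() {}

    public static String escapeForJsString(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(value.length() * 2);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            boolean alnum = (c >= 'a' && c <= 'z')
                         || (c >= 'A' && c <= 'Z')
                         || (c >= '0' && c <= '9');
            if (alnum) {
                out.append(c);
            } else if (c <= 0xFF) {
                out.append(String.format("\\x%02X", (int) c));
            } else {
                // Surrogate halves are encoded one at a time, which is still
                // a valid JavaScript escape sequence for the original text.
                out.append(String.format("\\u%04X", (int) c));
            }
        }
        return out.toString();
    }

    // Renders the tag from the issue with the value escaped; a JSP would call
    // this helper (or an equivalent tag library) instead of a bare <%= %>.
    public static String renderAuthorIdScript(String authorId) {
        return "<script>var AUTHOR_ID = \""
             + escapeForJsString(authorId)
             + "\";</script>";
    }

    public static void main(String[] args) {
        // Constructed sample: an id that is not a plain number and contains
        // both a double quote and a closing tag. In the rendered output the
        // whole value stays inside the string literal; the browser sees
        // neither a second statement nor a new HTML element.
        String sample = "42\"</script>";
        System.out.println(renderAuthorIdScript(sample));
    }
}
```

Even when getAuthorId() currently returns only digits, wiring the escape in makes the JSP safe against a later change to how ids are generated.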