Status: Closed (blairlearn closed this issue 3 years ago)
Error messages should not return user inputs. This opens a potential for cross-site scripting vulnerabilities.
ESTIMATE TBD
{"Message":"Could not find codes 'ccode='\"--></style></scRipt><scRipt>order(66)</scRipt>'."}
The key part being
<scRipt>order(66)</scRipt>
Fixed by 84ffbee21cea010cb8183d8f4cd871123544ed70
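To make the reported pattern concrete, here is an added example (not the project's code, and not what commit 84ffbee does) of a code-lookup handler that echoes the raw `ccode` parameter into its error message, next to a hardened version that returns a fixed message and keeps the submitted value out of the response, plus a regression check that flags any response field containing the input verbatim. `KNOWN_CODES`, `SAMPLE_QUERY` and the function names are assumptions constructed for the example.

```python
import html
import json
import logging
from urllib.parse import parse_qs

log = logging.getLogger("code_lookup")

# Constructed set of codes the service recognises (assumption, not real data).
KNOWN_CODES = {"C4872", "C9305"}

# Constructed query string mirroring the payload quoted in the issue.
SAMPLE_QUERY = "ccode='\"--></style></scRipt><scRipt>order(66)</scRipt>"


def _ccode(query: str) -> str:
    """Extract the ccode parameter as the server would see it (percent-decoded)."""
    return parse_qs(query, keep_blank_values=True).get("ccode", [""])[0]


def lookup_code_vulnerable(query: str) -> str:
    """Builds the error text from the raw parameter, so the input is reflected
    verbatim into the JSON body, exactly the shape shown in the report."""
    code = _ccode(query)
    if code in KNOWN_CODES:
        return json.dumps({"Code": code})
    return json.dumps({"Message": f"Could not find codes 'ccode={code}'."})


def lookup_code_fixed(query: str) -> str:
    """Returns a fixed, input-free message. The rejected value is still useful
    for troubleshooting, so it goes to the server log, HTML-escaped so it
    cannot be rendered as markup by a log viewer either."""
    code = _ccode(query)
    if code in KNOWN_CODES:
        return json.dumps({"Code": code})
    log.warning("unknown ccode rejected: %s", html.escape(code, quote=True))
    return json.dumps({"Message": "Could not find the requested code."})


def reflects_input(response_body: str, submitted: str) -> bool:
    """Regression check: True if any string field of the JSON response contains
    the submitted value unchanged. Compares on the decoded JSON, since the
    serialised body escapes quotes and would hide the match."""
    body = json.loads(response_body)
    return any(submitted in v for v in body.values() if isinstance(v, str))
```

Wire `reflects_input` into the API test suite with a payload like `SAMPLE_QUERY` so a later change that reintroduces the echo fails the build.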