shiffman
commented
7 years ago Any suggestions for best / easiest way to fix this?
Closed felixschorer closed 7 years ago
shiffman
commented
7 years ago Any suggestions for best / easiest way to fix this?
felixschorer
commented
7 years ago Well, in the case of mad libs you can for example just reject everything with regex which isn't alphanumerical. That would certainly be the easiest and most robust fix.
felixschorer
commented
7 years ago I've also added some entries to the spreadsheets which exploit that XSS vulnerability. My intent was it to inform inexperienced web developers, who are thinking about using your code. It should be easy to test your fix with those entries.
felixschorer
commented
7 years ago And also, thank you very much for taking this so seriously. I would appreciate it if you could do a video on web security such as XSS or SQL injection attacks.
misterhtmlcss
commented
7 years ago @lgfrbcsgo , why not offer to create a video or text tutorial for Daniel. He seems to allow guests and then it's a win win, since he doesn't have to circle the wagons then for little details that distract from the core learning experience he's creating.
Seems like both a reasonable request and also a great way to get some exposure for yourself in the process.
Just an idea.
felixschorer
commented
7 years ago @misterhtmlcss I like the idea, but the problem is that I lack the experience in teaching. I am a terrible teacher and most of the time have to explain things multiple times to friends when they ask me some fairly basic stuff. Also no one would like to listen to a terribly English speaking German for an extended period of time.
Both projects using Google Spreadsheets are vulnerable to Cross Site Scripting (XSS).