Rotonde / rotonde-client

Rotonde Base Client
https://client-neauoire.hashbase.io/
MIT License

Fix escaping in status.js and topic XSS in entry.js #176

Closed 0x0ade closed 6 years ago

0x0ade commented 6 years ago
  1. Substringing the escaped HTML can result in the substring cutting off in the middle of an escape sequence.

  2. The vulnerabilities in entry.js keep coming >.<

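The truncation problem from point 1 above, as an added example that is not part of the original pull request or the rotonde-client code; all function names and the sample string are hypothetical and constructed for illustration:

```javascript
// Added illustration. None of these functions come from rotonde-client.
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Order described in point 1: escape first, then cut. The cut counts the
// characters of the entities, so it can land inside "&lt;".
function escapeThenTruncate(text, max) {
  return escapeHtml(text).substring(0, max);
}

// Cut the raw text first, then escape: every entity is emitted whole and
// the limit applies to the characters the user actually typed.
function truncateThenEscape(text, max) {
  return escapeHtml(String(text).substring(0, max));
}

// True when the string ends in an unterminated entity such as "&l" or "&#3".
function endsInPartialEntity(html) {
  return /&#?[a-z0-9]*$/i.test(html);
}

// Fallback for when only the already-escaped string is available:
// cut, then drop any dangling partial entity at the end.
function truncateEscaped(html, max) {
  return String(html).substring(0, max).replace(/&#?[a-z0-9]*$/i, "");
}

// Constructed sample input.
const sample = "a<b & c";

console.log(escapeThenTruncate(sample, 3));           // cut lands inside "&lt;"
console.log(truncateThenEscape(sample, 3));           // entity stays whole
console.log(truncateEscaped(escapeHtml(sample), 3));  // partial entity dropped
```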