TextArea Element Source

SAP / project-foxhound

A web browser with dynamic data-flow tracking enabled in the Javascript engine and DOM, based on Mozilla Firefox (https://github.com/mozilla/gecko-dev). It can be used to identify insecure data flows or data privacy leaks in client-side web applications.

GNU General Public License v3.0

81 stars 16 forks source link

TextArea Element Source #189

Closed tmbrbr closed 10 months ago

tmbrbr commented 10 months ago

Mark TextArea Element value as a source.

Currently input element value attributes are marked as sources. These are stored via attributes and tainted properly.

However, TextArea Elements don't use attributes to store their content, and hence are currently not tainted.

tmbrbr commented 10 months ago

This should be fixed in 7903542f134397a8ea6d9342bc5c8d8e867229e5