adamwathan / form

Super basic form HTML builder, only really exists so I can pull it in for some other more useful projects.
MIT License
232 stars 118 forks

Attribute values vulnerable to XSS #16

Closed robbiepaul closed 10 years ago

robbiepaul commented 10 years ago

If I enter the following in a text box and I have my model bound to the form

Test " onmouseover="alert('xss')"

adamwathan commented 10 years ago

Awesome catch, will look into a solution as soon as possible. Thanks!

On Aug 29, 2014, at 5:56 PM, Robbie Paul notifications@github.com wrote:

> If I enter the following in a text box and I have my model bound to the form
>
> Test " onmouseover="alert('xss')"

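The attribute breakout reported in this issue, shown as an added example that is not code from adamwathan/form: a builder that interpolates a bound value into `value="..."` unencoded, next to the same builder encoding it with `htmlspecialchars`, with a parser check on both outputs. The function names and the `title` field are assumptions made for the illustration.

```php
<?php
// Added illustration: hypothetical helpers, not adamwathan/form's own code.

// Vulnerable pattern: the value is interpolated into the attribute unencoded.
function renderInputRaw(array $attributes): string
{
    $parts = [];
    foreach ($attributes as $name => $value) {
        $parts[] = sprintf('%s="%s"', $name, $value);
    }
    return '<input ' . implode(' ', $parts) . '>';
}

// Hardened pattern: encode every value for a double-quoted attribute context.
function renderInputEscaped(array $attributes): string
{
    $parts = [];
    foreach ($attributes as $name => $value) {
        $encoded = htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $parts[] = sprintf('%s="%s"', $name, $encoded);
    }
    return '<input ' . implode(' ', $parts) . '>';
}

// Check: parse the markup and list the attributes the parser actually sees.
function parsedAttributeNames(string $html): array
{
    libxml_use_internal_errors(true); // malformed markup is expected here
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    $names = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $names[] = $attr->nodeName;
    }
    return $names;
}

// Constructed input: the value from the report, bound to an assumed "title" field.
$bound = ['type' => 'text', 'name' => 'title', 'value' => 'Test " onmouseover="alert(\'xss\')"'];

foreach (['raw' => renderInputRaw($bound), 'escaped' => renderInputEscaped($bound)] as $label => $html) {
    $names = parsedAttributeNames($html);
    $verdict = in_array('onmouseover', $names, true) ? 'value escaped its attribute' : 'value stayed inside its attribute';
    printf("%-8s %s\n         attributes: %s (%s)\n", $label, $html, implode(', ', $names), $verdict);
}
```

The parser check doubles as a regression test: any attribute name in the output that was not a key of the input array means a value broke out of its quotes.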