alan-mj-lin / Sporeas

TJC projection webapp for service use.

prevent_script_injection for #96 #98

Closed hchiam closed 4 years ago

hchiam commented 4 years ago

See issue #96.

hchiam commented 4 years ago

@eaneatfruit please review the code in this PR. I didn't bother implementing a complete encoding function since it seems the problem is only when displaying HTML, and there should be no problem with URL paths anyway in our case (no fancy parameters being used in the URL). So I only simply replaced the minimal characters for script tags:

hchiam commented 4 years ago

Apparently need to also encode & in our case.
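
The two comments above (the minimal `<`/`>` replacement, and the follow-up that `&` must be encoded too) are illustrated by the following added example. It is not code from the Sporeas repository or from this PR; the function names `escapeHtml`, `escapeTagCharsOnly`, `decodeHtml`, `roundTrips` and `renderAlt`, and the sample payloads, are assumptions made for the demonstration. It shows two things a full encoder buys you that a tag-character-only replacement does not: the output is lossless (what the user typed survives decoding, which is why `&` has to be encoded), and it is safe inside a quoted attribute value, not only in element text.

```javascript
// Added example (not from the Sporeas project): HTML output encoding for
// user-supplied text, comparing a minimal "<" and ">" replacement with a
// full five-character encoder.

// The five characters that matter for element text and quoted attributes.
const ENTITY_MAP = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Full encoder: one regex pass, so each character is replaced exactly once
// and there is no double-encoding.
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => ENTITY_MAP[ch]);
}

// Minimal variant (tag characters only), kept for comparison. It is not
// lossless and must not be used for attribute values.
function escapeTagCharsOnly(input) {
  return String(input).replace(/[<>]/g, (ch) => ENTITY_MAP[ch]);
}

// Decoder for the five entities above, used only to check reversibility.
const REVERSE_MAP = { '&amp;': '&', '&lt;': '<', '&gt;': '>', '&quot;': '"', '&#39;': "'" };
function decodeHtml(input) {
  return String(input).replace(/&(amp|lt|gt|quot|#39);/g, (m) => REVERSE_MAP[m]);
}

// True when encoding then decoding gives back exactly what the user typed.
// An encoder that fails this silently changes user content, e.g. a user who
// literally types "&lt;b&gt;" would see "<b>" rendered instead.
function roundTrips(encoder, text) {
  return decodeHtml(encoder(text)) === text;
}

// Hypothetical template: the encoded value lands inside a double-quoted
// attribute, a context where an unencoded '"' breaks out of the attribute.
function renderAlt(encoder, value) {
  return '<img alt="' + encoder(value) + '" src="x">';
}

// Constructed sample inputs for the checks below.
const SCRIPT_PAYLOAD = '<script>alert(1)</script>';
const ENTITY_TEXT = 'Tom &amp; Jerry typed &lt;b&gt; on purpose';
const ATTR_PAYLOAD = '" onmouseover="alert(1)';

function demo() {
  return {
    fullOnScript: escapeHtml(SCRIPT_PAYLOAD),
    minimalOnScript: escapeTagCharsOnly(SCRIPT_PAYLOAD),
    fullIsLossless: roundTrips(escapeHtml, ENTITY_TEXT),
    minimalIsLossless: roundTrips(escapeTagCharsOnly, ENTITY_TEXT),
    minimalAttr: renderAlt(escapeTagCharsOnly, ATTR_PAYLOAD),
    fullAttr: renderAlt(escapeHtml, ATTR_PAYLOAD),
  };
}
```

Both encoders neutralise the bare `<script>` case, which is why the minimal version passes a test that only types a script tag. The differences show up on the other two inputs: only `escapeHtml` round-trips text that already contains entities, and only `escapeHtml` keeps `" onmouseover="alert(1)` from becoming a new attribute when the value is placed in `alt="..."`. When the output target is the DOM rather than an HTML string, setting `textContent` avoids the question entirely.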

hchiam commented 4 years ago

Merging for now. Seems to pass Selenium IDE tests.