anubhav-chattoraj / indic-tools

Miscellaneous tools for dealing with Indic languages and scripts.

Fix HTML injection vulnerability #21

Open anubhav-chattoraj opened 10 years ago

anubhav-chattoraj commented 10 years ago

The sorted results are added to the page without any HTML escaping. So giving an input like

क 
<strong>क</strong>

gives this output:

[Image: HTML injection]
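The flaw reported above next to one way to close it, as an added example that is not part of the issue or of the indic-tools code. The function names, the `<li>` wrapper and the plain code-unit sort are assumptions standing in for the tool's real sorter and output markup.

```javascript
// Added example: hypothetical names, not indic-tools' own code.
// Constructed input, copied from the two lines given in the report.
const SAMPLE_INPUT = "क \n<strong>क</strong>";

// Escape the characters that are significant in HTML text and attribute
// values. "&" is replaced first so the entities added afterwards are not
// escaped a second time.
function escapeHtml(text) {
  return text
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Stand-in for the sorter (assumption): one entry per non-blank line,
// ordered by UTF-16 code unit rather than by Indic collation rules.
function sortLines(input) {
  return input.split(/\r?\n/).map((s) => s.trim()).filter((s) => s !== "").sort();
}

// Behaviour described in the report: entries go into the markup as-is,
// so user-supplied tags become real elements on the page.
function renderUnescaped(input) {
  return sortLines(input).map((line) => "<li>" + line + "</li>").join("");
}

// Fixed form: every entry is escaped before it is placed in the markup.
// In a browser, setting each item's textContent achieves the same result.
function renderEscaped(input) {
  return sortLines(input).map((line) => "<li>" + escapeHtml(line) + "</li>").join("");
}

console.log(renderUnescaped(SAMPLE_INPUT));
console.log(renderEscaped(SAMPLE_INPUT));
```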

gasyoun commented 10 years ago

Right, no need to have it so.