blueclosure / BCDetect

HTTP Parameter Pollution reported incorrectly? #19

Open 0xdevalias opened 7 years ago

0xdevalias commented 7 years ago

Can't share the exact code, but the essence of the problem appears to be:

So it appears to be telling me that it's vulnerable because the text from the input box ends up in the JSON of the AJAX request.

But looking at the code, while I could put in something like foo"thisShouldBreak, because of the JSON.stringify, the " is being escaped (\"), which would tell me it's not going to actually be an issue.
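
A way to check the claim in the comment above, as an added example that is not part of the original issue or of BCDetect: it tests whether an input value can change the structure of a JSON request body, comparing `JSON.stringify` with hand-built concatenation. The field name `query`, the function names and all probe values except the one quoted in the issue are assumptions constructed for illustration.

```javascript
// Added example: checks whether a user-supplied value can alter the
// structure of a JSON request body. Field name "query" is hypothetical.

// Serializer as described in the issue: the value goes through JSON.stringify.
function buildBodySafe(value) {
  return JSON.stringify({ query: value });
}

// Contrast case (not from the issue): JSON assembled by string concatenation.
function buildBodyConcat(value) {
  return '{"query":"' + value + '"}';
}

// Returns true when the parsed body has exactly the expected key and the
// value round-trips unchanged, i.e. the input stayed data.
function structurePreserved(buildBody, value) {
  let parsed;
  try {
    parsed = JSON.parse(buildBody(value));
  } catch (e) {
    return false; // the input broke out of the string and corrupted the body
  }
  const keys = Object.keys(parsed);
  return keys.length === 1 && keys[0] === 'query' && parsed.query === value;
}

// Constructed probe values; the first is the one quoted in the issue.
const probes = ['foo"thisShouldBreak', 'a\\"b', 'x","extra":"y', 'plain'];

// One boolean per probe: true means the body structure was preserved.
function triage(buildBody) {
  return probes.map((p) => structurePreserved(buildBody, p));
}

console.log('JSON.stringify:', triage(buildBodySafe));
console.log('concatenation :', triage(buildBodyConcat));
```

A finding on a sink that passes every probe through `JSON.stringify` unchanged is a candidate false positive for the JSON body itself; how the server parses the request is a separate question this check does not cover.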