Open donabrams opened 8 years ago
JSON.stringify doesn't correctly escape some strings (such as ) leading to potential client code injection. The use of a library such as serialize-javascript is recommended.
Vulnerability description: http://benalpert.com/2012/08/03/preventing-xss-json.html
https://github.com/cerebral/cerebral-website/blob/v2/app/markdown/doc_servercontroller.md should be updated.
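Added example, not part of the original issue and not code from Cerebral or serialize-javascript: it renders server state into an inline script tag, first with plain JSON.stringify and then with a hand-written escape, and counts how many script end tags the HTML parser would see. The function names, the `window.__STATE__` variable and the sample state are assumptions constructed for illustration.

```javascript
// Characters that are legal inside a JSON string but unsafe inside an inline
// <script> block: "<", ">" and "&" let data be read as markup, and U+2028 /
// U+2029 are line terminators in older JavaScript engines.
const UNSAFE_IN_SCRIPT = /[<>&\u2028\u2029]/g;

// Hypothetical helper: serialize to JSON, then rewrite the unsafe characters
// as \uXXXX escapes. In JSON.stringify output these characters can only occur
// inside string literals, so the result parses back to the same value.
function escapeForInlineScript(value) {
  const json = JSON.stringify(value);
  if (json === undefined) {
    throw new TypeError('value is not JSON-serializable');
  }
  return json.replace(UNSAFE_IN_SCRIPT, (ch) =>
    '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Hypothetical server-side render step that embeds initial state in the page.
function renderState(state, serialize) {
  return '<script>window.__STATE__ = ' + serialize(state) + ';</script>';
}

// The HTML parser closes a script element at the first "</script" it meets,
// regardless of JavaScript string quoting. A safe render contains exactly one.
function scriptCloseCount(html) {
  return (html.match(/<\/script/gi) || []).length;
}

// Constructed sample state containing user-controlled text.
const sampleState = {
  title: '</script><b>parsed as HTML</b>',
  note: 'a\u2028b',
};

const weak = renderState(sampleState, JSON.stringify);
const hardened = renderState(sampleState, escapeForInlineScript);

console.log('JSON.stringify        :', scriptCloseCount(weak), 'end tags');
console.log('escapeForInlineScript :', scriptCloseCount(hardened), 'end tag');
console.log(hardened);
```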