Open cduhn17 opened 1 year ago
🐛 Summary
There are a multitude of issues with bulletin_generator where we are not escaping generated HTML code.
To reproduce
Currently, there are variables that take input and result in HTML generated code.
Expected behavior
It's required that all inputs are escaped to validate there is not code that can be used for command injection.
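The pattern reported in the issue above, shown next to a context-aware fix. This is an added example, not code from bulletin_generator: the field names, the template and the sample values are assumptions constructed for illustration.

```python
import html
from urllib.parse import urlsplit

# Constructed sample input: field names and values are hypothetical,
# not taken from bulletin_generator.
SAMPLE = {
    "title": "Weekly <script>alert(1)</script> bulletin",
    "author": 'Ops" onmouseover="x',
    "link": "javascript:alert(1)",
}

ALLOWED_SCHEMES = {"http", "https"}


def render_unescaped(item):
    """The pattern the issue describes: input interpolated straight into HTML."""
    return '<h1>{title}</h1><p data-author="{author}"><a href="{link}">more</a></p>'.format(**item)


def safe_href(url):
    """Allow only http(s) links; escaping alone does not stop javascript: URLs."""
    scheme = urlsplit(url.strip()).scheme.lower()
    return html.escape(url, quote=True) if scheme in ALLOWED_SCHEMES else "#"


def render_escaped(item):
    """Escape every input for the context it lands in (text, attribute, URL)."""
    return '<h1>{}</h1><p data-author="{}"><a href="{}">more</a></p>'.format(
        html.escape(item["title"]),               # element text
        html.escape(item["author"], quote=True),  # quoted attribute value
        safe_href(item["link"]),                  # URL attribute
    )


if __name__ == "__main__":
    print(render_unescaped(SAMPLE))
    print(render_escaped(SAMPLE))
```

A regression test that feeds markup-bearing values through every input variable and asserts the output contains no unescaped `<`, `>` or `"` from them keeps new template fields from reintroducing the problem.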