citation-style-language / csl-editor-demo-site

Reference implementation of the CSL editor
http://editor.citationstyles.org
MIT License

Remove getFromOtherWebsite.php #1

Closed hamstah closed 12 years ago

hamstah commented 12 years ago

This file is dangerous as the input is not checked and leads to XSS.

Example (shows the cookies in an alert): http://csleditor.company.com/getFromOtherWebsite.php?url=http://pastebin.com/raw.php?i=ihViEAxx

Related to: https://github.com/citation-style-editor/csl-editor/issues/144
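The issue describes a fetch-and-echo endpoint that accepts an arbitrary `url` parameter and reflects the remote content into the site's origin. The following is an added illustration of the two checks such an endpoint needs, written in Python rather than the project's PHP; it is not code from csl-editor-demo-site, and the allowlisted hosts, the `fetch` callback and the `handle_request` helper are constructed for the example.

```python
from html import escape
from urllib.parse import urlparse

# Constructed allowlist of hosts the editor might legitimately fetch from
# (hypothetical; a real list would be project-specific and short).
ALLOWED_HOSTS = {"raw.githubusercontent.com", "editor.citationstyles.org"}


def validate_fetch_url(url: str) -> bool:
    """Accept only absolute http(s) URLs whose host is on the allowlist.

    An endpoint that fetches whatever ?url= names lets anyone point it at
    attacker-controlled HTML, which the browser then renders inside the
    proxying site's origin: the reflected XSS reported in this issue.
    """
    try:
        parts = urlparse(url)
    except ValueError:
        return False
    if parts.scheme not in ("http", "https"):
        return False
    if not parts.hostname or parts.hostname.lower() not in ALLOWED_HOSTS:
        return False
    return True


def safe_proxy_response(fetched_body: str) -> tuple:
    """Return (headers, body) that a browser will not execute as a page.

    Even for allowlisted hosts, serve the fetched text as plain text with
    nosniff so it is never interpreted as HTML, and HTML-escape it as
    defence in depth in case it is ever embedded in a page.
    """
    headers = {
        "Content-Type": "text/plain; charset=utf-8",
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'",
    }
    return headers, escape(fetched_body)


def handle_request(url_param: str, fetch) -> tuple:
    """Hypothetical handler: 400 on a rejected URL, else a neutralised reply.

    `fetch` is injected so the example runs offline; in production it would
    be an HTTP client with a short timeout that does not follow redirects.
    """
    if not validate_fetch_url(url_param):
        return 400, {"Content-Type": "text/plain; charset=utf-8"}, "rejected url"
    headers, body = safe_proxy_response(fetch(url_param))
    return 200, headers, body
```

The host allowlist is the actual fix for the reported bug; the plain-text content type and escaping only limit the damage if the allowlist is later loosened.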