duvholt
commented
8 years ago Doesn't seem like it's possible to execute XSS since quotes are escaped. At least I wasn't able to break out of the href quotes.
Closed ogdans3 closed 8 years ago
duvholt
commented
8 years ago Doesn't seem like it's possible to execute XSS since quotes are escaped. At least I wasn't able to break out of the href quotes.
Fix XSS issue by removing all piping to the raw filter.
This will resolve #1 and partially resolve #4 and #5.