Closed ericvaandering closed 6 years ago
Can we create a string stored in the DB that can escape it's JS string in the keyword choose or note inserter?
XSS executing for existing admin-inputs like topic/group/keyword (if any) XSS executing for Javascript such as keyword chooser or notes copy (if any)
Can we create a string stored in the DB that can escape it's JS string in the keyword choose or note inserter?
XSS executing for existing admin-inputs like topic/group/keyword (if any) XSS executing for Javascript such as keyword chooser or notes copy (if any)