fac26 / week2-database-nkndi


<img> can bypass sanitisation and push alerts #37

Closed georgiaewhitney closed 1 year ago

georgiaewhitney commented 1 year ago

Can run `<img onerror="alert('hello!')">` in the input field and bring up a retaining alert, and it allows empty input form data entry.

ko-karol commented 1 year ago

Oops. We didn't actually have sanitisation implemented yet. Fixed in PR #54 probably.
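The report above is a stored XSS: an event handler on a tag in user input runs once the page inserts that input into its HTML unescaped. The fix referred to in the comment is in PR #54, which is not shown here; the snippet below is an added example, not the project's own code, of the two checks a defender would want: escaping user text before it is interpolated into HTML (so the `<img onerror=...>` payload from the issue renders as literal text), and rejecting empty submissions before they reach the database. The function names `escapeHtml`, `validateEntry` and `renderEntry` are assumed for this example.

```javascript
// Added example (not code from the week2-database-nkndi project).
// Map of the five characters that can change meaning inside HTML text
// or attribute values; every one of them is replaced by an entity.
const ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Escape a value for safe insertion into HTML. The regex is global so every
// occurrence is replaced, and "&" is in the set so existing entities are not
// accidentally double-interpreted.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Reject empty or whitespace-only submissions, the second problem in the
// issue, so they never become database rows.
function validateEntry(text) {
  if (typeof text !== "string" || text.trim() === "") {
    return { ok: false, error: "entry must not be empty" };
  }
  return { ok: true, value: text.trim() };
}

// Render one stored entry the way a template would, but through escapeHtml,
// so markup in the stored text is displayed rather than parsed by the browser.
function renderEntry(text) {
  return `<li>${escapeHtml(text)}</li>`;
}

// Constructed sample input: the payload reported in the issue.
const PAYLOAD = `<img onerror="alert('hello!')">`;

// Run stand-alone to see the escaped output.
if (typeof require !== "undefined" && require.main === module) {
  console.log(renderEntry(PAYLOAD));
  console.log(validateEntry("   "));
}
```

Escaping at the point where data is written into HTML is the durable fix: it holds for every entry already in the database, not only for input that passes through a form-level filter, and it does not depend on keeping a blocklist of tag names up to date.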