A fully-searchable and accessible archive of court data including growing repositories of opinions, oral arguments, judges, judicial financial records, and federal filings.
This PR addresses a security vulnerability in the registration form. The first_name field was previously susceptible to Hyperlink Injection attacks. By allowing arbitrary input, malicious users could inject malicious links into the welcome email, potentially redirecting users to phishing sites or distributing malware.
mlissner
commented
2 days ago
This PR addresses a security vulnerability in the registration form. The
first_namefield was previously susceptible to Hyperlink Injection attacks. By allowing arbitrary input, malicious users could inject malicious links into the welcome email, potentially redirecting users to phishing sites or distributing malware.References:
https://hackerone.com/reports/843421 https://hackerone.com/reports/158554 https://hackerone.com/reports/164833
fixes #4687