geneontology / amigo

AmiGO is the public interface for the Gene Ontology.
http://amigo.geneontology.org
BSD 3-Clause "New" or "Revised" License

XSS vulnerability in search (medial_search) with q parameter #682

Closed kltm closed 1 year ago

kltm commented 1 year ago

It is currently possible to inject disrupting code into the search (medial_search) q parameter that could be used to create an XSS attack for users on bad links. For example, the following URLs illustrate this, disrupting the variable creation:

https://amigo-staging.geneontology.io/amigo/medial_search?q=--%3E%3Cscript%3Ealert(document.domain)%3C/script%3E%3C!--

The fix would be better serialization on variable rendering.
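As an added example (not AmiGO's own code), the inline-script pattern the issue describes beside a hardened serializer, using the decoded payload from the URL above as a constructed input; the exact template shape (`<script><!-- var q = "..."; --></script>`) is an assumption.

```javascript
// Constructed input: the decoded q value from the issue's URL.
const PAYLOAD = '--><script>alert(document.domain)</script><!--';

// Assumed vulnerable template: the raw q value is concatenated into a
// JavaScript string literal inside a comment-wrapped <script> block.
// The payload's leading "-->" and "</script>" end the comment and the
// script element, so the browser parses the injected <script> as markup.
function renderUnsafe(q) {
  return '<script><!-- var q = "' + q + '"; --></script>';
}

// Hardened serializer: JSON-encode the value, then additionally escape the
// characters the HTML parser acts on inside a script element. Using \uXXXX
// escapes keeps the JS value identical while removing every "<", ">" and
// "&" from the emitted markup, so "</script", "<!--" and "-->" can never
// appear in the page source.
function jsStringLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')  // line separators that older engines
    .replace(/\u2029/g, '\\u2029'); // treat as string terminators
}

function renderSafe(q) {
  return '<script>var q = ' + jsStringLiteral(q) + ';</script>';
}

// Detection check for rendered output: more than one "<script" opener
// means user data broke out of the intended script element.
function countScriptOpeners(html) {
  return (html.match(/<script/gi) || []).length;
}

// Round-trip check: the serialized literal must still decode to the
// original value, i.e. escaping changed the markup, not the data.
function roundTrips(value) {
  return JSON.parse(jsStringLiteral(value)) === value;
}
```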

kltm commented 1 year ago

Noting the theme https://github.com/geneontology/amigo/issues/575

kltm commented 1 year ago

Up on staging. Pinged LBL back in email.

kltm commented 1 year ago

Report for LBL that we're good. We should propagate this to other AmiGOs.