getgrav / grav-plugin-simplesearch

Grav SimpleSearch Plugin
https://getgrav.org
MIT License

Mitigate XSS attacks #198

Open rogeriocosta-mb opened 3 years ago

rogeriocosta-mb commented 3 years ago

I did notice that if I send a malicious payload in the query like: /search/query:%22ony=()%20onmouseover=prompt(document.location)%3E and the query Twig variable is printed on the page, it can be exploited, for example:

<a href="/search/query:{{ query }}">Your search for {{ query }}</a>

The anchor will be manipulated to add malicious JavaScript code. What about providing some extra security by using HTMLPurifier or htmLawed as an option to clean the query Twig var?

Like this:

$twig->twig_vars['query'] = htmLawed(implode(', ', $this->query), array('safe' => 1));

I did implement this on my side to mitigate a potential XSS attack on the plugin since it is used site-wide.

Thanks in advance
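The template above injects the same value into two different contexts (a URL path segment inside an href attribute, and HTML text), and each needs its own encoding; sanitising the string once with an HTML filter does not make it safe inside the attribute. The following is an added example, not code from the SimpleSearch plugin or this issue, that shows context-aware escaping of a query value before it reaches the link; the function names and the sample query are constructed for the illustration.

```php
<?php
// Added example (not part of the SimpleSearch plugin): escape a user-supplied
// search query once per output context instead of "cleaning" it once globally.

// Inside href="/search/query:..." the value is a URL path segment, so
// percent-encode it. Quotes, angle brackets and spaces can then never close
// the attribute or the tag, and the link still round-trips the original query.
function queryForHref(string $query): string
{
    return '/search/query:' . rawurlencode($query);
}

// In the visible link text the value is HTML text, so turn <, >, & and both
// quote styles into entities. ENT_SUBSTITUTE keeps invalid UTF-8 from making
// htmlspecialchars() return an empty string.
function queryForText(string $query): string
{
    return htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Renders the anchor from the issue with each slot escaped for its context.
function renderSearchLink(string $query): string
{
    return sprintf(
        '<a href="%s">Your search for %s</a>',
        queryForHref($query),
        queryForText($query)
    );
}

// Constructed sample: the decoded form of a route segment that tries to break
// out of the attribute with a quote and a closing bracket.
$rawQuery = rawurldecode('%22%3E%3Cb%3Ehello%3C%2Fb%3E');

echo renderSearchLink($rawQuery), PHP_EOL;
// Prints a link whose href contains %22%3E%3Cb%3E... and whose text contains
// &quot;&gt;&lt;b&gt;...; neither context can be escaped from.
```

In Twig the same two contexts map to the built-in escape filter with a strategy argument, `{{ query|e('url') }}` inside the href and `{{ query|e }}` (or `{{ query|e('html') }}`) in the text, which is the per-context equivalent of the two helpers above.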