giandonatoinverso
commented
4 months ago I think the inputs need to be filtered. Some already are. I currently don't have time to work on the project, I invite the community to do so
Closed tranmh closed 4 months ago
giandonatoinverso
commented
4 months ago I think the inputs need to be filtered. Some already are. I currently don't have time to work on the project, I invite the community to do so
tranmh
commented
4 months ago PR #94 is merged. So closing.
It is possible to at creation time of static QR code to insert the following string for Filename and Text: <img src/onerror=prompt(8)> and <img src/onerror=prompt(11)>
Doing, it is proven that it is possible do XSS to other users being on the same system, if revisiting the system: https://giandonatoinverso.it/qrcode/static_qrcodes.php
I hope you have an idea how to fix it.
Thx.