Open gregcope opened 3 years ago
Also WAF would be a good idea!
Ah. escape is deprecated!
https://docs.python.org/3.7/library/cgi.html#cgi.escape
https://stackoverflow.com/questions/32054891/python-input-sanitization

```python
import html

input = '<>&'
output = html.escape(input)
print(output)  # prints &lt;&gt;&amp;
```
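As an added illustration (not code from the issue or from the pastyAndChablis project) of why the move from `cgi.escape` to `html.escape` matters for a value written into the name field: `cgi.escape` defaulted to `quote=False`, so a double quote passed through untouched and could terminate an attribute, while `html.escape` defaults to `quote=True`. The sample name, the `render_name_field` and `render_greeting` helpers and the tag layout are constructed for this example and are not from the project's templates.

```python
import html

# Constructed sample: a user-supplied "name" value that would terminate a
# double-quoted attribute if written into the page unescaped.
SAMPLE_NAME = '"><b>not an attribute</b>'


def escape_for_html(value: str) -> str:
    """Encode a string for insertion into HTML text or a quoted attribute.

    html.escape replaces &, <, > and, with quote=True (its default), also
    " and '. That default is what closes the gap the deprecated cgi.escape
    left open for attribute values.
    """
    return html.escape(value, quote=True)


def legacy_escape_no_quotes(value: str) -> str:
    """Mimic the default behaviour of the deprecated cgi.escape (quote=False).

    Only &, < and > are replaced; a double quote survives, so this is NOT
    safe for a value placed inside a quoted attribute.
    """
    return html.escape(value, quote=False)


def render_name_field(name: str) -> str:
    """Return the <input> tag for the name field with the value escaped
    (attribute context: quotes must be encoded)."""
    return f'<input type="text" name="name" value="{escape_for_html(name)}">'


def render_greeting(name: str) -> str:
    """Return a greeting paragraph with the name escaped (text context)."""
    return f"<p>Hello, {escape_for_html(name)}!</p>"


if __name__ == "__main__":
    print(render_name_field(SAMPLE_NAME))
    print(render_greeting(SAMPLE_NAME))
    # The legacy form leaves the quote in place; shown only for comparison.
    print(legacy_escape_no_quotes(SAMPLE_NAME))
```

Output encoding at the point where the value is written into the page is the fix the thread is converging on; a WAF, as mentioned above, can sit in front of it but does not replace it.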
Someone is sending `">` in the name field, which results in a Cross Site Scripting style popup appearing!
Need to filter input like line 10 here: https://code.activestate.com/recipes/496942/
Need to filter:
https://github.com/gregcope/pastyAndChablis/blob/master/cloudformation-app.yaml#L78
https://github.com/gregcope/pastyAndChablis/blob/master/cloudformation-app.yaml#L82