Full source for astronomytonight.net, a site for amateur astronomers. The site has basic astronomy data for any location, and weather data for specific countries (the US and Canada). Customizable for your observing location.
BSD 2-Clause "Simplified" License
Form prepopulation - likely cross-site-scripting vulnerability #6
In the mechanism for pre-populating forms with the most recent data, I inject raw request params into the DOM, as part of hidden input controls in a form. (These recycle back to the original form.) That injected data is not escaped, so there's likely a problem with cross-site-scripting there.
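The hidden-input pattern this issue describes, next to an escaped version, as an added example that is not taken from the astronomytonight.net source. The field names, function names and sample parameters are assumptions, and Python stands in because the issue does not say what language the site uses.

```python
from html import escape
from html.parser import HTMLParser

# Hypothetical field names; the issue does not list the real form's fields.
ALLOWED_FIELDS = ("latitude", "longitude", "location_name")


def render_hidden_unsafe(params):
    """The pattern the issue describes: raw values concatenated into markup."""
    return "".join(
        f'<input type="hidden" name="{k}" value="{v}">' for k, v in params.items()
    )


def render_hidden_safe(params):
    """Escape for a double-quoted attribute and emit only expected fields."""
    out = []
    for name in ALLOWED_FIELDS:
        if name in params:
            value = escape(str(params[name]), quote=True)
            out.append(f'<input type="hidden" name="{name}" value="{value}">')
    return "".join(out)


class TagCollector(HTMLParser):
    """Records every start tag an HTML parser sees in the markup."""
    def __init__(self):
        super().__init__()
        self.tags = []
    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def parsed_tags(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


# Constructed request parameters; location_name closes the attribute early.
SAMPLE = {
    "latitude": "45.42",
    "location_name": 'Ottawa"><script>alert(1)</script>',
    "debug": "1",  # not a form field; the allowlist drops it
}

if __name__ == "__main__":
    for render in (render_hidden_unsafe, render_hidden_safe):
        print(render.__name__, [t for t, _ in parsed_tags(render(SAMPLE))])
```

Parsing the output, rather than searching it for substrings, checks both that no extra element appears and that the escaped value round-trips to exactly what the user submitted, so the form still prepopulates correctly.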