kandanapp / kandan

Kandan is an Open Source Alternative to HipChat
GNU Affero General Public License v3.0

Fixed XSS vulnerability by sanitizing fields when adding via Javascript #333

Closed scouttyg closed 10 years ago

scouttyg commented 10 years ago

Fixes issue #330 where someone could have a username or other fields that cause XSS attacks. I'm sure it's not the only way you could do XSS attacks, but it fixes one of them.
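The class of bug described above, as an added example that is not Kandan's own code: a client-side renderer that concatenates a username straight into HTML markup, beside the same renderer with every untrusted field escaped first. The function names, the message markup, the hostile username and the tag-extraction check are all constructed for this illustration and do not come from the project.

```javascript
// Added example (not Kandan's code): escaping user-controlled fields before
// they are inserted into the page as HTML, the kind of fix this PR describes.

// The five characters that matter in HTML text and quoted-attribute contexts.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Escape a value for safe interpolation into HTML markup. A single regex pass
// means "&" is never double-escaped.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable rendering (the "before"): username and message text are
// concatenated into markup unescaped, so a crafted username becomes live HTML.
function renderMessageUnsafe(user, text) {
  return '<div class="message"><span class="user">' + user.username +
         '</span><p>' + text + '</p></div>';
}

// Hardened rendering (the "after"): every untrusted field is escaped, so the
// same username is displayed as literal text.
function renderMessageSafe(user, text) {
  return '<div class="message"><span class="user">' + escapeHtml(user.username) +
         '</span><p>' + escapeHtml(text) + '</p></div>';
}

// Constructed check: list the opening tag names present in a fragment. A
// renderer that only ever emits its own template should yield exactly the
// template's tags; anything extra came from user data.
function extractTagNames(html) {
  const names = [];
  const re = /<([A-Za-z][A-Za-z0-9]*)/g;
  let m;
  while ((m = re.exec(html)) !== null) {
    names.push(m[1].toLowerCase());
  }
  return names;
}

// Constructed sample input: a username chosen to trigger XSS, and message
// text containing markup and an ampersand.
const HOSTILE_USER = { username: '<img src=x onerror="alert(document.cookie)">' };
const SAMPLE_TEXT = 'hello <b>world</b> & "friends"';

// Demonstration (output is for the reader; the behaviour is in the functions).
console.log("unsafe:", renderMessageUnsafe(HOSTILE_USER, SAMPLE_TEXT));
console.log("unsafe tags:", extractTagNames(renderMessageUnsafe(HOSTILE_USER, SAMPLE_TEXT)));
console.log("safe:  ", renderMessageSafe(HOSTILE_USER, SAMPLE_TEXT));
console.log("safe tags:", extractTagNames(renderMessageSafe(HOSTILE_USER, SAMPLE_TEXT)));
```

In a browser the simpler fix is to avoid building markup from strings at all: assign the field with `element.textContent = user.username` (or jQuery's `.text()`) rather than `innerHTML` / `.html()`, which never interprets the value as HTML. String escaping as above is the fallback when a template is assembled by concatenation, and it must be applied to every field, which is why the author notes that other instances may remain.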

scouttyg commented 10 years ago

Whoops, forgot one thing. Don't pull in quite yet.

scouttyg commented 10 years ago

Alright, this should be good to go, but I think there may be some instances remaining. Still, a good start to clean up this XSS stuff.