Closed btsibr closed 6 years ago
modules.haml echoes the user's query back without escaping, resulting in an XSS vulnerability
We've patched the acute issue by adding:
- query = CGI::escape(query)
Not being a Rails expert, I'm not sure if there is a better way to:
Fixed by the https://github.com/unibet/puppet-forge-server/pull/65
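As an added example (not code from puppet-forge-server or the linked PR), the pattern this issue describes in plain Ruby: a function that echoes the query into HTML unescaped, the same function with the value HTML-escaped through CGI.escapeHTML, and CGI.escape alongside for comparison, since that call is URL encoding rather than HTML escaping. The function names and the sample input are assumptions.

```ruby
require 'cgi'

# Added example, not code from puppet-forge-server. It mirrors the
# issue's pattern: a search page that echoes the user's query into HTML.

# Vulnerable form: the raw query is interpolated into markup unchanged,
# so any markup in the parameter becomes part of the page.
def render_results_unescaped(query)
  "<p>Results for: #{query}</p>"
end

# Hardened form: HTML-escape the value at the point it is placed into
# HTML. CGI.escapeHTML turns <, >, &, " and ' into entities, so the
# browser renders the text instead of parsing it as markup.
def render_results_escaped(query)
  "<p>Results for: #{CGI.escapeHTML(query)}</p>"
end

# For comparison, CGI.escape is URL encoding: it is meant for query
# strings and also rewrites spaces and punctuation, so the echoed text
# no longer reads as the user typed it.
def url_encoded(query)
  CGI.escape(query)
end

# True when no raw angle bracket survived inside our own <p> element,
# i.e. no user-supplied tag reached the browser as markup.
def markup_neutralized?(html)
  inner = html.sub(%r{\A<p>Results for: }, '').sub(%r{</p>\z}, '')
  !inner.include?('<') && !inner.include?('>')
end

if __FILE__ == $0
  sample = %q{<b>"ruby" & puppet</b>} # constructed input, not from the page
  puts render_results_unescaped(sample)
  puts render_results_escaped(sample)
  puts url_encoded(sample)
end
```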