kylejmorris / bedmath


XSS Vulnerability in Answer reply #19

Closed kylejmorris closed 11 years ago

kylejmorris commented 11 years ago

Since no editor is set up, the quickreply feature is vulnerable to XSS.

JuriaanGregor commented 11 years ago

Wouldn't it be better to assign an Editor to it then?

kylejmorris commented 11 years ago

That's a possibility, but the quick reply box is currently quite small. We could maybe assign a basic editor to it, so it doesn't have all the tools crowding up. The point of quick reply is to let a user type a "quick reply" in the little box provided.

Another possibility is using JavaScript or something, to have a chat appear if they click reply.

JuriaanGregor commented 11 years ago

May I ask what you mean by using a 'Chat'?

kylejmorris commented 11 years ago

Fixed.
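The thread never shows what the fix was. As an added example (not code from the bedmath repository; all function names are assumed), this is the minimal defence the issue calls for: HTML-escape the quick-reply text before it is inserted into the page, and only then add the markup the site itself wants, such as line breaks.

```javascript
// Added example: render quick-reply text as inert HTML.
// Not from the bedmath project; function names are assumed.

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Escape every character that can open or close a tag or attribute,
// so the user's text is displayed literally instead of parsed as markup.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Build the HTML for one quick reply. Escaping runs first; only afterwards
// are trusted <br> tags inserted for newlines. Reversing the order would
// either escape our own <br> tags or leave user markup unescaped.
function renderQuickReply(text) {
  const escaped = escapeHtml(text.replace(/\r\n?/g, '\n'));
  return '<p class="quick-reply">' + escaped.replace(/\n/g, '<br>') + '</p>';
}

// Defender-side check: the rendered fragment should contain no tags other
// than the ones renderQuickReply emits itself.
function containsOnlyExpectedTags(html) {
  const tags = html.match(/<\/?[a-zA-Z][^>]*>/g) || [];
  return tags.every((t) => /^<(\/?p( class="quick-reply")?|br)>$/.test(t));
}

// Constructed sample input, as a user might type it into the reply box.
const sample = 'Nice proof!\n<script>alert(1)</script> <b onmouseover="x()">hi</b>';
const rendered = renderQuickReply(sample);
console.log(rendered);
console.log(containsOnlyExpectedTags(rendered)); // true
```

Escaping on output is the part that closes the XSS; a richer editor can be layered on top later, but it is not a substitute for it.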