Open lefthandedgoat opened 8 years ago
that's meant as a band-aid until a proper fix can be applied to a site
@jeroldhaas Ok good, info. I will definitely do more research before I implement something.
Perhaps I can assist. Can you provide more info on this bug? Is text entered into textboxes getting eval'd?
Basic idea is that I know there are a lot of things about web dev that I don't know, and managing and preventing XSS is one of them, so this is a todo for me to research and implement a fix.
I did test it and put a script tag in an input box, and after saving it, it did evaluate the script tag on rendering the 'view' page.
These might be a good starting point - there are some more but their compatibility with Suave might be suspect:
You can enter into the text box and it will run the js when loading the view page.
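The bug described in this thread is a stored XSS: a value typed into the text box is saved and later spliced verbatim into the "view" page, so the browser parses the saved `<script>` tag and runs it. The following is an added example, not code from the issue, from Suave, or from the project: it shows a minimal F# render function in its vulnerable and hardened forms. It assumes only .NET's `System.Net.WebUtility.HtmlEncode`; the page layout, the `renderView*` names and the sample input are constructed for illustration.

```fsharp
// Added example (not from the issue or the project's code): stored XSS in a
// hand-built "view" page, and the fix of HTML-encoding untrusted values on output.
open System
open System.Net

// Constructed sample: the value a user typed into the text box and that was saved.
let savedValue = "<script>alert('xss')</script>"

// Vulnerable: the stored string is spliced into the markup verbatim, so the
// browser parses the saved <script> tag and runs it when the view page loads.
let renderViewUnsafe (value: string) =
    sprintf "<html><body><div class=\"field\">%s</div></body></html>" value

// Hardened: HTML-encode every untrusted value at the point it is written into
// an HTML text context. '<', '>', '&' and '"' become entities, so the browser
// displays the text literally instead of parsing it as markup.
let renderViewSafe (value: string) =
    sprintf "<html><body><div class=\"field\">%s</div></body></html>"
        (WebUtility.HtmlEncode value)

printfn "unsafe: %s" (renderViewUnsafe savedValue)
printfn "safe:   %s" (renderViewSafe savedValue)

// Self-check: the encoded page must not contain a raw <script> tag.
let encodedOk = not ((renderViewSafe savedValue).Contains "<script>")
printfn "encoded output contains no raw <script> tag: %b" encodedOk
```

Two caveats a practitioner would want: encoding belongs at output time, not at save time, so the stored data stays intact and every rendering path is covered; and `HtmlEncode` is only correct when the value lands in HTML text or a quoted attribute. A value written into a `<script>` block, an inline event handler, a URL or a CSS rule needs the encoder for that context instead.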