Displayed passwords/details are not HTMLencoded

markashleybell-org / vault

A simple web app for storing encrypted login/password details.

0 stars 1 forks source link

Displayed passwords/details are not HTMLencoded #26

Closed markashleybell closed 12 years ago

markashleybell commented 13 years ago

Passwords with symbols such as angle brackets can be misinterpreted as HTML...

markashleybell commented 12 years ago

This fixed closing brackets but not opening, and I'm not sure how it even did that... angle brackets need to be manually encoded in the client-side scripts whereever data is written to the page.