Fix domain reflection xss

movableink / doorman

HTTP Proxy + OAuth

MIT License

167 stars 52 forks source link

Fix domain reflection xss #62

Closed mchesler closed 4 years ago

mchesler commented 4 years ago

The current implementation changes "></A></ADDRESS>"><script>alert(document.domain)</script><ADDRESS><A "/xss/" to ></A></ADDRESS>"><script>alert(document.domain)</script><ADDRESS><A "/xss/". It should instead change it to AADDRESSscriptalertdocument.domainscriptADDRESSAxss.

[ch38573]