Add necessary user input validation for various properties/fields in user, ontology, notes, projects, etc, in order to mitigate Cross-Site Scripting vulnerabilities.
Here is an example of a Persistent XSS vulnerability which will run malicious JavaScript in the user's browser when they access ontoportal:
Most of the fields should be restricted to alphanumeric characters plus perhaps space, underscore, and dash in names/descriptions/etc of ontologies/users/notes/projects.
Yeah totally agree on this, I think it should be implemented at the level of Goo, where each of our attribute getters always call html_escape if string.
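An added example (not OntoPortal or Goo code) showing the two layers discussed above: an allowlist check on write for name-like fields, and HTML escaping in the string getter on read for free-text fields. The `Ontology` model and `SafeAttributes` module are hypothetical stand-ins for a Goo-backed class.

```ruby
require 'cgi'

# Hypothetical helper: not part of Goo or OntoPortal.
module SafeAttributes
  # Allowlist from the issue: alphanumeric plus space, underscore, dash.
  NAME_PATTERN = /\A[A-Za-z0-9 _-]+\z/

  def self.valid_name?(value)
    value.is_a?(String) && !value.empty? && value.match?(NAME_PATTERN)
  end

  # Reject names outside the allowlist at write time.
  def self.validate_name!(value)
    raise ArgumentError, "name contains disallowed characters" unless valid_name?(value)
    value
  end

  # HTML-escape free text so a stored payload renders as inert text
  # (CGI.escapeHTML escapes & < > " ').
  def self.escape_text(value)
    value.is_a?(String) ? CGI.escapeHTML(value) : value
  end
end

# Minimal stand-in for a Goo-backed model (hypothetical; Goo's real API differs).
class Ontology
  attr_reader :acronym

  def initialize(acronym:, description:)
    @acronym = SafeAttributes.validate_name!(acronym)
    @description = description   # stored as submitted
  end

  # Getter escapes on read, as the comment proposes for string attributes.
  def description
    SafeAttributes.escape_text(@description)
  end
end

# Constructed sample: a stored description carrying a script tag.
def demo
  ont = Ontology.new(acronym: "EXAMPLE-1", description: "<script>alert(1)</script>")
  ont.description
end

puts demo if __FILE__ == $PROGRAM_NAME
```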