There are already some places currently vulnerable to JS injection that need to be fixed:
- account page links
- account page bio
And some places that should implement the fix when they’re introduced:
- contribution submission
To do so, my current plan is to follow this guide from Medium and implement a method to escape HTML characters (<, >, &) before submitting text to the database.
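An added example, not part of the original post or the project's code: one way to write the escaping method planned above, in JavaScript. It goes beyond the three characters listed by also escaping quotes and, on the assumption that account links are rendered into an `href` attribute, by restricting them to http(s) URLs; all function names and sample values are hypothetical.

```javascript
// Added example: hypothetical helpers, not code from the project.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Escape text for use as HTML element content or inside a quoted attribute.
// Quotes are included so the same function is safe for attribute values.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Return the normalized URL if it is absolute http(s), otherwise null.
// Character escaping alone does not neutralize a non-http scheme in a link.
function safeLinkUrl(raw) {
  let url;
  try {
    url = new URL(String(raw).trim());
  } catch {
    return null; // not an absolute URL
  }
  return url.protocol === 'http:' || url.protocol === 'https:' ? url.href : null;
}

// Assumed rendering of the account page bio.
function renderBio(bio) {
  return `<p class="bio">${escapeHtml(bio)}</p>`;
}

// Assumed rendering of an account page link; rejected URLs fall back to
// the escaped label as plain text instead of producing an anchor.
function renderAccountLink(rawUrl, label) {
  const href = safeLinkUrl(rawUrl);
  if (href === null) return escapeHtml(label);
  return `<a href="${escapeHtml(href)}" rel="noopener noreferrer">${escapeHtml(label)}</a>`;
}

// Constructed sample input.
console.log(renderBio('I <3 maps & "open" data'));
console.log(renderAccountLink('https://example.com/u?a=1&b=2', 'My <site>'));
```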