ome / omero-mapr

An OMERO.web app for browsing data through attributes linked to the image
https://pypi.org/project/omero-mapr/
GNU Affero General Public License v3.0

Mapr values aren't escaped properly #52

Open manics opened 5 years ago

manics commented 5 years ago

For example

omero obj map-set MapAnnotation:48604 mapValue 'Gene Symbol' '& </script><script>alert("hello!")</script>'

leads to an alert when loading the image.
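
The kind of output encoding that stops the reported value from executing, as an added example that is not omero-mapr's code and not part of the original report. The issue does not say which template context renders the value, so the sketch goes beyond the report and covers both an HTML element context and JSON embedded in an inline script block; all function names are hypothetical.

```python
import html
import json

# Value taken from the issue report above.
REPORTED_VALUE = '& </script><script>alert("hello!")</script>'


def render_unescaped(key, value):
    """Vulnerable pattern: the stored value is interpolated as markup."""
    return "<td>%s</td><td>%s</td>" % (key, value)


def render_html(key, value):
    """HTML element context: encode &, <, > and quotes before output."""
    return "<td>%s</td><td>%s</td>" % (
        html.escape(key, quote=True),
        html.escape(value, quote=True),
    )


# Inside <script>, HTML entities are not decoded, so html.escape is the
# wrong tool there. Serialise to JSON, then replace the characters that can
# close the script block with \uXXXX escapes, which JSON parsers decode back.
# Django's json_script filter applies the same three substitutions.
_SCRIPT_ESCAPES = {"<": "\\u003C", ">": "\\u003E", "&": "\\u0026"}


def inline_json_payload(key, value):
    """Return JSON text that is safe to place inside a <script> element."""
    payload = json.dumps({key: value})
    for char, escaped in _SCRIPT_ESCAPES.items():
        payload = payload.replace(char, escaped)
    return payload


def render_inline_json(key, value):
    """Inline-script context: wrap the escaped JSON in a data-only block."""
    return '<script type="application/json">%s</script>' % (
        inline_json_payload(key, value)
    )


if __name__ == "__main__":
    print(render_unescaped("Gene Symbol", REPORTED_VALUE))
    print(render_html("Gene Symbol", REPORTED_VALUE))
    print(render_inline_json("Gene Symbol", REPORTED_VALUE))
```

A regression test for a fix can store the reported value and assert that the rendered page contains only the encoded form.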