openfun / fun-apps

:warning: DEPRECATED :warning:

🐛(funsite) escape user's self entered fields to prevent XSS #653

Closed rmoch closed 5 years ago

rmoch commented 5 years ago

Fullname and email are freely entered by the user and are not verified for special characters by the form in dogwood. This could lead to an XSS exploit when rendered in mako templates, which do not escape strings by default.