I did a second audit last year and found a few more XSS issues (6f736ebc7941cf77af8fef4f1ee55567617a17bb, d0368427fd79bb008f1585f0b8058678d8f24a7a, 0a0ed90161433757a8a7c7bca9fa41e756c812fe) and two SQL injections (f4ef9f115402f9d9e2be4596dfbd0a5550b28cd7, abc363b4fabae9e8969a3f96ce8db29ada8de073). This PR also includes other mitigations such as securing cookies with HttpOnly, Secure and SameSite=Lax (1e1195b9a16ee04bb11bb481a6b5511f8afa169b), setting a Content-Security-Policy (a4f3d25280f5ffe26cca70bc769e9c610d974fdb) and more.
Upstreamed from fork: https://github.com/NeKzor/board Original PR: https://github.com/iVerb1/Portal2Boards/pull/9
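As an added example, not code from this PR or the Portal2Boards project: a small Python check that parses a response's Set-Cookie and Content-Security-Policy headers and reports cookies missing the HttpOnly, Secure or SameSite=Lax attributes the PR introduces, plus an absent CSP. The sample headers are constructed, not captured from the board.

```python
# Constructed sample response headers: one hardened cookie, one not.
SAMPLE_HEADERS = [
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax"),
    ("Set-Cookie", "theme=dark; Path=/"),
    ("Content-Security-Policy",
     "default-src 'self'; script-src 'self'; object-src 'none'"),
]


def parse_set_cookie(value):
    """Return (cookie name, {lowercased attribute: value}) for one Set-Cookie."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def check_cookie(value):
    """Findings for one Set-Cookie header; empty list means it is hardened."""
    name, attrs = parse_set_cookie(value)
    findings = []
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly")
    if "secure" not in attrs:
        findings.append(f"{name}: missing Secure")
    samesite = attrs.get("samesite", "").lower()
    if samesite != "lax":
        findings.append(f"{name}: SameSite is {samesite or 'unset'}, expected Lax")
    return findings


def parse_csp(value):
    """Parse a CSP header into {directive: [source expressions]}."""
    policy = {}
    for directive in value.split(";"):
        tokens = directive.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def audit_headers(headers):
    """Audit a list of (name, value) response headers; return all findings."""
    findings, csp = [], None
    for name, value in headers:
        if name.lower() == "set-cookie":
            findings.extend(check_cookie(value))
        elif name.lower() == "content-security-policy":
            csp = parse_csp(value)
    if csp is None:
        findings.append("missing Content-Security-Policy header")
    elif "default-src" not in csp and "script-src" not in csp:
        findings.append("CSP restricts neither default-src nor script-src")
    return findings
```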