Sma-Das
commented
1 year ago This is an issue with bleach from Django. I do not believe there are any associated security issues currently but it is worth investigating
Open MoralCode opened 1 year ago
Sma-Das
commented
1 year ago This is an issue with bleach from Django. I do not believe there are any associated security issues currently but it is worth investigating
MoralCode
commented
1 year ago thanks for the tip!
i was thinking security in the sense that if we allow too much HTML to be actually rendered by the user, it could be a situation where someone could put a malicious <script> tag in the title or something, but i this is handled by a django library they probably thought of that
https://pawprints.rit.edu/?p=3416 is an example.
This seems like it might be a bug with how user-input content is escaped and displayed. This also may have some larger security implications if fixed incorrectly