Closed stash closed 10 years ago
@amalkrishnancg a quick review for you if you've got a few minutes.
"Internet Explorer (IE) doesn't encode double quote characters (") in the query part of the uniform resource identifier (URI). This behavior, besides being non standard (as stated by RFC and implemented by other browsers including Chrome or Firefox) may expose IE users to reflected XSS attacks."
http://blog.imperva.com/2012/01/ie-bug-exposes-its-users-to-xss-attacks-.html
ok then! closing as invalid. :)
Yeah, IE is not fun :)
Fairly sure that in all environments `"` will get encoded by `encodeURIComponent()` to `%22`. The line removed is wrong (had `%27` instead of `%22`), but was getting masked by `encodeURIComponent` in all the test environments.
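
The encoding behaviour discussed in this thread, as an added example (not code from the thread or the project): `encodeURIComponent` turns `"` into `%22` but leaves `'` untouched, and a page that reflects the query string stays safe only while the query arrives encoded, which the IE behaviour quoted above breaks. The helper names, the `/search` path and the sample value are constructed assumptions.

```javascript
// Added example; helper names, the /search path and the sample value are constructed.

// Build a query string the way client code would, encoding the value.
function buildQuery(name, value) {
  return encodeURIComponent(name) + "=" + encodeURIComponent(value);
}

// Hypothetical template that reflects the query string exactly as received
// into a double-quoted attribute, with no output escaping.
function reflectRaw(query) {
  return '<a href="/search?' + query + '">again</a>';
}

// HTML attribute escaping applied at output time, independent of the browser.
function escapeAttr(s) {
  return s.replace(/[&<>"']/g, (c) => "&#" + c.charCodeAt(0) + ";");
}

function reflectEscaped(query) {
  return '<a href="/search?' + escapeAttr(query) + '">again</a>';
}

// True when the markup holds only the two double quotes that delimit href,
// i.e. the reflected value did not close the attribute early.
function staysInAttribute(html) {
  return (html.match(/"/g) || []).length === 2;
}

function demo() {
  const value = 'a"b\'c'; // constructed sample with both quote characters
  const encoded = buildQuery("q", value); // " becomes %22, ' is left as-is
  const raw = "q=" + value; // query as sent without encoding the double quote
  return {
    encoded,
    encodedSafe: staysInAttribute(reflectRaw(encoded)),
    rawSafe: staysInAttribute(reflectRaw(raw)),
    rawEscapedSafe: staysInAttribute(reflectEscaped(raw)),
  };
}

console.log(demo());
```

Escaping at output time keeps the attribute intact in both cases, so the template does not depend on which browser built the URL.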