schmunk42 / yii2-giiant

Yii 2 Framework Code Generator Gii on Steroids

Fix XSS Vulnerability in CRUD views generated #237

Closed maximilianoraul closed 6 years ago

maximilianoraul commented 6 years ago

Added Html::encode in the CRUD views' default templates to fix the XSS vulnerability when using a string as primary key.

[image: XSS attack]

[image: fixed]

maximilianoraul commented 6 years ago

Database Schema

```sql
CREATE TABLE `test` (
  `id` varchar(100) CHARACTER SET utf8 NOT NULL,
  `description` text CHARACTER SET utf32 NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

ALTER TABLE test ADD PRIMARY KEY (id);

INSERT INTO test (id, description) VALUES ('', 'Text ID - Test XSS');
```
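The defect behind this PR and the fix it applies, as an added stand-alone illustration (not giiant's template code): a row from the `test` table above has a varchar primary key, and a generated view that interpolates that key verbatim lets markup in the key reach the browser, while passing it through the same `htmlspecialchars` call that `yii\helpers\Html::encode()` uses turns it into text. The `encode`, `renderHeading*` and `leaksRawMarkup` helpers are hypothetical names chosen here; the sample row is constructed and uses a harmless tag instead of a script payload.

```php
<?php
// Equivalent of yii\helpers\Html::encode(): ENT_QUOTES so the result is also
// safe inside attribute values, ENT_SUBSTITUTE so invalid UTF-8 cannot abort
// the encoding and return an empty string.
function encode(string $content): string
{
    return htmlspecialchars($content, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// "Before": the generated CRUD view writes the primary key straight into the
// page. Fine for integer keys, a stored XSS sink for varchar keys.
function renderHeadingUnsafe(array $model): string
{
    return '<h1>' . $model['id'] . '</h1>';
}

// "After": every model value that lands in HTML goes through encode().
function renderHeadingSafe(array $model): string
{
    return '<h1>' . encode($model['id']) . '</h1>';
}

// Regression check a reviewer can keep: if the key contains HTML-significant
// characters, the rendered view must not contain the key verbatim.
function leaksRawMarkup(string $html, string $key): bool
{
    return strpbrk($key, '<>"\'') !== false && strpos($html, $key) !== false;
}

// Constructed sample row matching the test table: string id, text description.
$row = ['id' => '<i>id-with-markup</i>', 'description' => 'Text ID - Test XSS'];

echo renderHeadingUnsafe($row), PHP_EOL;
echo renderHeadingSafe($row), PHP_EOL;
var_dump(leaksRawMarkup(renderHeadingUnsafe($row), $row['id']));
var_dump(leaksRawMarkup(renderHeadingSafe($row), $row['id']));
```

The same treatment applies wherever the generated index, view and update templates print `$model->id` (headings, breadcrumbs, link labels), which is what the PR changes across the default templates.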

schmunk42 commented 6 years ago

Thank you!