Open scripting opened 8 months ago
A security issue was reported where a user could visit this location:
https://feedland.org/?username=vortfu%3Cscript%3Ealert(document.location)%3C/script%3E
The script would execute, because at some point in the process the text of the username value is inserted into the page and the browser runs it.
Now when processing all URL params, the text is neutered, ie Githubissues.
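An added example, not FeedLand's code, of the fix described above: every URL parameter is HTML-escaped once, at the point where it is read, before any of it reaches the page. The function names and the "Feeds for" markup are hypothetical, since the issue does not show where the username is inserted.

```javascript
// Added example; names and markup are assumptions, not FeedLand's own code.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Replace the characters that let text break out of an HTML text node or a quoted attribute.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Decode all query parameters of a URL and return them already escaped,
// so no caller ever sees the raw value.
function getSafeUrlParams(urlString) {
  const params = Object.create(null); // no prototype, so a param called "__proto__" is just a key
  for (const [name, value] of new URL(urlString).searchParams) {
    params[escapeHtml(name)] = escapeHtml(value);
  }
  return params;
}

// The vulnerable pattern, for contrast: the decoded value goes into markup unchanged.
function renderGreetingUnsafe(urlString) {
  const username = new URL(urlString).searchParams.get("username") ?? "";
  return "<p>Feeds for " + username + "</p>";
}

// The same markup built from the escaped parameters.
function renderGreetingSafe(urlString) {
  const username = getSafeUrlParams(urlString).username ?? "";
  return "<p>Feeds for " + username + "</p>";
}

// The URL from the report above.
const reportedUrl =
  "https://feedland.org/?username=vortfu%3Cscript%3Ealert(document.location)%3C/script%3E";

console.log(renderGreetingUnsafe(reportedUrl)); // contains a live <script> element
console.log(renderGreetingSafe(reportedUrl));   // the same text, shown as characters
```

This escaping covers HTML text and quoted attribute values only; a parameter placed inside a script block or a URL attribute needs encoding for that context instead.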