Fix possible XSS issues

siwapp / siwapp-ror

Online Invoice Management in Ruby On Rails.

http://www.siwapp.com

MIT License

328 stars 183 forks source link

Closed sonic182 closed 2 years ago

sonic182 commented 2 years ago

force_ssl default true, but optional by env var (xss security)
dummy fix for migrations, so new migrations can be done
Validate address fields, to avoid saving html tags, this way it is not possible to do XSS displaying bills

sonic182 commented 2 years ago

@peillis @agutierrezrodriguez added validation for address fields (the only field that gets html_safe so XSS is possible without this pr)