sni / Thruk

Thruk is a multibackend monitoring webinterface for Naemon, Nagios, Icinga and Shinken using the Livestatus API.
http://www.thruk.org

Prevent XSS attack by sanitizing the content of the textbox in _filter_advanced.tt #1374

Closed ketra closed 2 months ago

ketra commented 2 months ago

Prevent XSS attack by sanitizing the content of the textbox.

The filter had a possibility for an XSS attack by appending the following to the URL of any page utilizing the advanced filter: `q=<img src=fake onerror=alert("XSS")>`

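An added illustration, not code from the Thruk repository or from this pull request: a hypothetical stand-in for a textbox in a Template Toolkit template (the engine behind Thruk's `.tt` files), rendered once with the `q` variable inserted raw and once through Template Toolkit's built-in `html` filter, which is one way to apply the sanitizing the fix describes. The template fragments and the `render_filter_box` name are assumptions; the payload is the one quoted above.

```perl
#!/usr/bin/env perl
# Added illustration, not Thruk's own code: a stand-in for a textbox in a
# Template Toolkit template, rendered with and without HTML escaping.
use strict;
use warnings;
use Template;

# Constructed input: the payload quoted in the pull request description.
my $payload = '<img src=fake onerror=alert("XSS")>';

# Hypothetical template fragments. The second one passes the "q" variable
# through Template Toolkit's built-in "html" filter, which rewrites
# '&', '<', '>' and '"' as entities, so an untrusted value can neither close
# the double-quoted attribute nor introduce a new element.
my %template = (
    unescaped => '<input type="text" name="q" value="[% q %]">',
    escaped   => '<input type="text" name="q" value="[% q | html %]">',
);

my $tt = Template->new() or die Template->error();

# Render one fragment for a given "q" value and return the resulting markup.
sub render_filter_box {
    my ($fragment, $q) = @_;
    my $out = '';
    $tt->process(\$fragment, { q => $q }, \$out) or die $tt->error();
    return $out;
}

for my $name (qw(unescaped escaped)) {
    my $html = render_filter_box($template{$name}, $payload);
    # Self-check: the escaped rendering must not contain the literal
    # "<img" from the untrusted value; only the entity form may remain.
    my $raw_tags = () = $html =~ /<img/g;
    printf "%-10s %s\n", "$name:", $html;
    printf "%-10s literal <img occurrences: %d\n", '', $raw_tags;
}
```

Requires the `Template` module (Template Toolkit), which Thruk's `.tt` templates are written for; the unescaped run reports one literal `<img`, the escaped run zero, with the value rendered as `&lt;img src=fake onerror=alert(&quot;XSS&quot;)&gt;`.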

sni commented 2 months ago

looks good, thanks