usgs / landslides-post-wildfire-debris-flow

A web application that displays estimates for the probability and volume of debris flows that may be produced by a storm in a recently burned area

fix xss vulnerability #73

Closed jmfee-usgs closed 7 years ago

jmfee-usgs commented 7 years ago

objectid should be sanitized before it is output; otherwise a malicious user can execute arbitrary JavaScript: https://github.com/usgs/landslides-post-wildfire-debris-flow/blob/master/src/htdocs/detail.php#L18
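
One way to apply the fix this issue asks for, as an added example that is not the project's code and not part of the comment above. It assumes `objectid` arrives as a query-string parameter and is a positive integer; the helper names are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not code from detail.php.

/**
 * Assumption: objectid is a positive integer taken from the query string.
 * Returns the integer, or null when the value is missing or not a plain integer.
 */
function parse_object_id(array $query): ?int {
    if (!isset($query['objectid']) || !is_string($query['objectid'])) {
        return null;
    }
    $id = filter_var($query['objectid'], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Encode a value for an HTML text node or a quoted attribute. */
function html_escape(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Encode a value as a literal inside an inline <script> block. */
function js_literal($value): string {
    return json_encode($value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR);
}

// Constructed sample inputs: one valid id, one carrying markup.
$samples = [
    ['objectid' => '42'],
    ['objectid' => '"><script>alert(1)</script>'],
];

foreach ($samples as $query) {
    $id = parse_object_id($query);
    if ($id === null) {
        // Reject instead of echoing; if the raw value must be shown, encode it.
        echo 'rejected: ', html_escape($query['objectid']), PHP_EOL;
        continue;
    }
    // Validation narrows the type; encoding still matches each output context.
    echo '<div id="feature-', html_escape((string) $id), '"></div>', PHP_EOL;
    echo '<script>var objectid = ', js_literal($id), ';</script>', PHP_EOL;
}
```

Validation alone covers the integer case; the per-context encoders are what keep the output safe if the identifier format later changes to a string.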