valq7711 / ombott

This is a bottle spin-off (One More BOTTle)
MIT License

Fix for XSS vulnerability in the 'url' parameter in ombott/error_render.py when an error is rendered #11

Closed ch-rigu closed 5 months ago

ch-rigu commented 9 months ago

There is a reflected XSS vulnerability in the 'url' parameter when an error is rendered.

Sanitizing the 'url' parameter fixes this issue.

lucadealfaro commented 5 months ago

@mdipierro I am in favor of merging (but I cannot merge).
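
The class of fix discussed in this pull request, as an added example (not ombott's own code and not the patch from the PR): an error page that interpolates the request URL verbatim, next to a version that HTML-escapes every dynamic value. The template text, the function names and the sample URL are assumptions made for illustration.

```python
# Added illustration; NOT the contents of ombott/error_render.py.
# ERROR_TEMPLATE and the render_* helpers are hypothetical names.
from html import escape

ERROR_TEMPLATE = (
    "<!DOCTYPE html>\n"
    "<html><head><title>Error: {status}</title></head>\n"
    "<body><h1>Error: {status}</h1>\n"
    "<p>Sorry, the requested URL <tt>{url}</tt> caused an error:</p>\n"
    "<pre>{body}</pre>\n"
    "</body></html>\n"
)


def render_error_unsafe(status, url, body):
    """'Before' form: request-derived values go into the HTML verbatim,
    so markup carried in the URL becomes part of the page."""
    return ERROR_TEMPLATE.format(status=status, url=url, body=body)


def render_error_safe(status, url, body):
    """'After' form: every dynamic value is HTML-escaped first.
    quote=True also encodes " and ', which matters if a value is ever
    moved into an attribute such as href."""
    return ERROR_TEMPLATE.format(
        status=escape(str(status), quote=True),
        url=escape(str(url), quote=True),
        body=escape(str(body), quote=True),
    )


def reflects_markup(page, marker="<script>"):
    """Regression check: True if the marker reached the page unescaped."""
    return marker in page


# Constructed sample inputs (not taken from the PR).
SAMPLE_URL = "http://localhost:8080/missing/<script>alert(1)</script>"
BENIGN_URL = "http://localhost:8080/items?a=1&b=2"

if __name__ == "__main__":
    for render in (render_error_unsafe, render_error_safe):
        page = render("404 Not Found", SAMPLE_URL, "Not found")
        print(render.__name__, "reflects markup:", reflects_markup(page))
```

A check like `reflects_markup` belongs in the project's test suite so that a later template change cannot silently reintroduce the unescaped value.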