voku / anti-xss

㊙️ AntiXSS | Protection against Cross-site scripting (XSS) via PHP

false positive in url geolocation.com #114

Open alechner opened 1 year ago

alechner commented 1 year ago

What is this feature about (expected vs actual behaviour)?

The link URL https://www.geolocation.com is not passing, and neither is https://www.history.com.

How can I reproduce it?

Insert a link with one of the URLs above and it will be reported as if it had XSS.

Does it take minutes, hours or days to fix?

don't know

Any additional information?

If the URL contains some string from `_never_allowed_js_callback_regex` plus a dot, it will be reported as positive. This detection occurs in lines 1153-1161 of AntiXSS.php.

voku commented 1 year ago

Can you please provide an example, thanks.

Update: Good question, now I see the problem. I'd say let's validate the URL and if it's valid let it go, but I'm sure at this point. :-/
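The following is an added example for this thread, not code from voku/anti-xss. It reproduces the mechanism alechner describes (a JS global name followed by a dot matched anywhere in the string, so `geolocation.com` and `www.history.com` hit on `location.` and `history.`) and puts two candidate mitigations beside it: a lookbehind that stops the keyword from matching when it is glued to a preceding word character or dot, and the URL-validation route voku mentions. The keyword list, the `BOUNDED_PATTERN` lookbehind and the `isPlainHttpUrl()` helper are all assumptions made for illustration; the library's real `_never_allowed_js_callback_regex` is not reproduced here.

```php
<?php
// Added example for this issue thread; it is not code from voku/anti-xss.
// The keyword list below is a constructed stand-in for the library's
// `_never_allowed_js_callback_regex` and does not reproduce the real list.

// Naive form: a JS global followed by a dot, matched anywhere in the input.
// "geolocation.com" contains "location." and "www.history.com" contains
// "history.", so both legitimate hostnames produce a hit.
const NAIVE_PATTERN = '/(?:location|history|document|window)\./i';

// Tightened form (assumption, for illustration only): require that the keyword
// is not preceded by a word character or a dot, so it still matches a bare
// "location." or "window." but not "geolocation." or "www.history.".
const BOUNDED_PATTERN = '/(?<![\w.])(?:location|history|document|window)\./i';

function naiveHit(string $input): bool
{
    return preg_match(NAIVE_PATTERN, $input) === 1;
}

function boundedHit(string $input): bool
{
    return preg_match(BOUNDED_PATTERN, $input) === 1;
}

/**
 * The route voku floats in the thread: if the whole value parses as an absolute
 * http(s) URL, an "object.property" shape inside it is just a hostname label.
 * Constructed illustration of that idea, not the library's logic.
 */
function isPlainHttpUrl(string $input): bool
{
    if (filter_var($input, FILTER_VALIDATE_URL) === false) {
        return false;
    }
    $scheme = strtolower((string) parse_url($input, PHP_URL_SCHEME));

    return in_array($scheme, ['http', 'https'], true);
}

/**
 * Returns one row per sample saying which of the three checks fires for it.
 */
function compareChecks(array $samples): array
{
    $rows = [];
    foreach ($samples as $sample) {
        $rows[$sample] = [
            'naive'     => naiveHit($sample),
            'bounded'   => boundedHit($sample),
            'plain_url' => isPlainHttpUrl($sample),
        ];
    }

    return $rows;
}

// Constructed sample inputs: the two URLs from the report plus two plain
// JavaScript fragments that reference the same globals outside a hostname.
$samples = [
    'https://www.geolocation.com',
    'https://www.history.com',
    'location.href = "https://example.com/"',
    'var w = window.open("https://example.com/")',
];

foreach (compareChecks($samples) as $input => $result) {
    printf(
        "%-45s naive=%-4s bounded=%-4s plain_url=%s\n",
        $input,
        $result['naive'] ? 'hit' : 'ok',
        $result['bounded'] ? 'hit' : 'ok',
        $result['plain_url'] ? 'yes' : 'no'
    );
}
```

Run with `php example.php`: both reported URLs fire the naive pattern, neither fires the bounded one, and both validate as plain http(s) URLs, while the two JavaScript fragments still fire the bounded pattern and fail URL validation. The lookbehind is the narrower fix (it only changes what counts as a keyword boundary); treating any syntactically valid URL as safe is coarser, since a keyword can also sit in a query string, so the two checks are better combined than swapped.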

voku commented 1 year ago

Maybe related to issue #103