Closed dontcallmedom closed 3 years ago
@dontcallmedom @jean-gui I was the one who reported the vulnerability. I'm sorry if my words are inappropriate. But I was unable to deploy the unicorn and check the suggested edits. Everything worked perfectly, XSS on my payloads is no longer observed. HTML is escaped. You can check it here: http://80.211.182.47:8081/unicorn/
@savproga many thanks for verifying the patch! I'll work with @jean-gui in getting it deployed then.
Fix XSS risk
@jean-gui I haven't tested it and am light years away from being in a position to test it, so your help in verifying this fixes the bug and in deploying it if it does would be greatly appreciated.