z-classic / z-nomp

z-nomp is mining pool software for Zcash and Zclassic so you can create internet money in your home!
MIT License

Fixed Vulnerable of Cross Site Scripting #259

Closed kalmare closed 6 years ago

kalmare commented 6 years ago

Runs any code if the user opens the /worker/{Addr} page of a malicious worker.

thghdbs commented 6 years ago

I am not sure this fix also fixes the display of offending HTML in the miner_stats worker chart legend, as displayed in the picture below:


hellcatz commented 6 years ago

See https://github.com/z-classic/node-stratum-pool/pull/29

kalmare commented 6 years ago

This pull request only guards against XSS, so it does not concern the problems or issues of the chart legend.