Details
- Improvement
- Status: Closed
- Minor
- Resolution: Fixed
Description
Illegal characters (<...>) added to some of the parameters of the ReferredPagesPlugin are not properly escaped in the output of the plugin.
E.g.:
[{ReferredPagesPlugin page='"><svg onload=alert(/page_xss/)>' type='local|external|attachment' depth='1..8' include='regexp"><svg onload=alert(/include_xss/)>' exclude='regexp"><svg onload=alert(/exclude_xss/)>'}]
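The missing step is HTML-escaping each parameter at the point where it is written into the plugin's output. The following is an added example, not JSPWiki's code: the class name, the `escapeHtml` helper and the `<a title=...>` markup are assumptions made for illustration, and only the parameter values come from the report.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class ReferredPagesEscapeDemo {

    // Minimal HTML escaper, suitable for text nodes and quoted attribute values.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Hypothetical markup (assumption): parameters echoed verbatim into the output.
    static String renderUnsafe(Map<String, String> p) {
        return "<a title=\"include[" + p.get("include") + "] exclude[" + p.get("exclude")
             + "]\">" + p.get("page") + "</a>";
    }

    // Same markup, with every parameter escaped at the output boundary.
    static String renderEscaped(Map<String, String> p) {
        return "<a title=\"include[" + escapeHtml(p.get("include")) + "] exclude["
             + escapeHtml(p.get("exclude")) + "]\">" + escapeHtml(p.get("page")) + "</a>";
    }

    public static void main(String[] args) {
        // Parameter values copied from the report's example invocation.
        Map<String, String> params = new LinkedHashMap<>();
        params.put("page", "\"><svg onload=alert(/page_xss/)>");
        params.put("include", "regexp\"><svg onload=alert(/include_xss/)>");
        params.put("exclude", "regexp\"><svg onload=alert(/exclude_xss/)>");

        String unsafe = renderUnsafe(params);
        String safe = renderEscaped(params);
        System.out.println("unescaped: " + unsafe);
        System.out.println("escaped:   " + safe);
        // The unescaped form lets the value close the attribute; the escaped form does not.
        if (safe.contains("<svg") || !unsafe.contains("<svg")) {
            throw new AssertionError("escaping check failed");
        }
    }
}
```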