-
Type:
Improvement
-
Status: Closed
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: 2.11.0-M4
-
Component/s: None
-
Labels:None
Adding illegal characters (<...>) to some of the parameters of the ReferredPagesPlugin are not properly escaped in the output of the plugin.
EG:
[{ReferredPagesPlugin page='"><svg onload=alert(/page_xss/)>' type='local|external|attachment' depth='1..8' include='regexp"><svg onload=alert(/include_xss/)>' exclude='regexp"><svg onload=alert(/exclude_xss/)>'}]