OODT-364: prevent XSS attacks via malformed query string


Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version: 0.3
    • Fix Version: 0.4
    • Component: balance

    Description

      At the moment the URL is stored 'as is' in the ApplicationRequest object. If it is shown later in a view (e.g. on a 404 page), it represents an XSS hole. To protect against this, the URL should be sanitized through a call to htmlentities() prior to storage.
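      The hole and the proposed fix side by side, as an added illustration rather than code from the OODT Balance project: only the class name ApplicationRequest and the htmlentities() call come from the issue text; the constructor, the `uri` property, the `renderNotFound()` view and the sample request are assumptions made up for this sketch.

```php
<?php
// Added example (not OODT code). Shows why storing the raw request URL in
// ApplicationRequest is an XSS hole once a view echoes it, and what the
// OODT-364 fix (escaping before storage) changes.

// Before: the URL is stored exactly as received from the client.
class UnsafeApplicationRequest {
    public $uri;
    public function __construct($requestUri) {
        $this->uri = $requestUri;   // stored 'as is'
    }
}

// After: the URL is HTML-escaped before it is stored. ENT_QUOTES also escapes
// single quotes, which matters if a view ever places the value inside an
// attribute; the explicit charset avoids relying on PHP's default.
class SafeApplicationRequest {
    public $uri;
    public function __construct($requestUri) {
        $this->uri = htmlentities($requestUri, ENT_QUOTES, 'UTF-8');
    }
}

// A 404 view (assumed) that reflects the requested URL back to the user.
function renderNotFound($request) {
    return '<h1>404 Not Found</h1><p>No route for ' . $request->uri . '</p>';
}

// Constructed input: a query string that carries a script tag.
$malicious = '/missing?q=<script>alert(document.cookie)</script>';

// Unsafe: the tag is emitted verbatim into the page and the browser runs it.
echo renderNotFound(new UnsafeApplicationRequest($malicious)), "\n";

// Safe: the same request is emitted as inert text (&lt;script&gt;...).
echo renderNotFound(new SafeApplicationRequest($malicious)), "\n";
```

      Because the stored value is now HTML-encoded, any code that still needs the raw URL (routing, redirects, logging) has to read it from the request before the encoding step or keep its own unencoded copy.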


          People

            ahart Andrew Hart
