Issue #3 resolved

security: XSS by URL item_name

Thomas Waldmann
repo owner created an issue

The item_name part of the URL is not always escaped correctly, see:

http://test.moinmo.in/+meta/%22%3Cscript%3Ealert%281%29%3B%3C/script%3E

TODO: do a global review for such stuff
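
A regression check for this bug class, as an added example that is not part of the original issue and is not MoinMoin's own code. The `render_*` functions are hypothetical stand-ins for views that place `item_name` into HTML, and the probe is the path from the URL in the report.

```python
from html import escape
from urllib.parse import unquote

# Path component of the URL quoted in the report.
REPORTED_PATH = "/+meta/%22%3Cscript%3Ealert%281%29%3B%3C/script%3E"


def item_name_from_path(path, prefix="/+meta/"):
    """Return the percent-decoded item name that follows the view prefix."""
    if not path.startswith(prefix):
        raise ValueError("unexpected path: %r" % path)
    return unquote(path[len(prefix):])


def render_unescaped(item_name):
    """Hypothetical view with the bug class: the name is interpolated as-is."""
    return '<a title="%s" href="#">%s</a>' % (item_name, item_name)


def render_escaped(item_name):
    """Same view, name escaped for both text and quoted-attribute context."""
    safe = escape(item_name, quote=True)
    return '<a title="%s" href="#">%s</a>' % (safe, safe)


def reflects_raw(render, item_name):
    """True if the renderer emits the name verbatim, i.e. without escaping."""
    if escape(item_name, quote=True) == item_name:
        raise ValueError("probe contains no HTML-special characters")
    return item_name in render(item_name)


def review(renderers, item_name):
    """Names of the renderers that reflect the probe unescaped."""
    return [r.__name__ for r in renderers if reflects_raw(r, item_name)]


if __name__ == "__main__":
    name = item_name_from_path(REPORTED_PATH)
    print(review([render_unescaped, render_escaped], name))
```

For a wider review, the same probe can be passed to every code path that writes `item_name` into a response, with `quote=True` mattering wherever the name lands inside an attribute value.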
