I did notice that if I send a malicious payload in the query like `/search/query:%22ony=()%20onmouseover=prompt(document.location)%3E` and the query twig variable is printed on the page, it can be exploited, for example:
```twig
<a href="/search/query:{{ query }}">Your search for {{ query }}</a>
```
The anchor will be manipulated to add malicious JavaScript code. What about providing some extra security by using HTMLPurifier or htmLawed as an option to clean the query twig var?
Like this:
I did implement this on my side to mitigate a potential XSS attack on the plugin since it is used site wide.
Thanks in advance
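An added illustration (not the plugin's code and not from the issue author) of why the anchor above breaks: Python stands in for the Twig rendering, the payload is the one quoted in the issue, and the "hardened" render mirrors what Twig's `url_encode` filter on the path segment and the `escape` filter on the text node would produce. The parser check shows what a browser would see as attributes on the `<a>` tag in each case.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import quote, unquote

# Constructed from the payload quoted in the issue, URL-decoded as the
# plugin would receive it from the route parameter.
PAYLOAD = unquote("%22ony=()%20onmouseover=prompt(document.location)%3E")


def render_raw(query: str) -> str:
    """The template as posted: {{ query }} emitted with no escaping at all."""
    return f'<a href="/search/query:{query}">Your search for {query}</a>'


def render_escaped(query: str) -> str:
    """Context-aware escaping: percent-encode the URL path segment (Twig:
    {{ query|url_encode }}) and HTML-escape the visible text (Twig:
    {{ query|e }}). Each context gets the encoding it actually needs."""
    return (f'<a href="/search/query:{quote(query, safe="")}">'
            f'Your search for {escape(query, quote=True)}</a>')


class AnchorAttributes(HTMLParser):
    """Collects the attributes a browser would assign to the first <a> tag."""

    def __init__(self) -> None:
        super().__init__()
        self.attrs: dict = {}

    def handle_starttag(self, tag, attrs):
        if tag == "a" and not self.attrs:
            self.attrs = dict(attrs)


def event_handlers(html: str) -> list:
    """Return the on* attribute names present on the rendered anchor;
    an empty list means the query could not break out of the href value."""
    parser = AnchorAttributes()
    parser.feed(html)
    parser.close()
    return sorted(name for name in parser.attrs if name.startswith("on"))


if __name__ == "__main__":
    print("raw     :", event_handlers(render_raw(PAYLOAD)))      # contains 'onmouseover'
    print("escaped :", event_handlers(render_escaped(PAYLOAD)))  # []
```

Run as-is to compare the two renders; the raw template yields an `onmouseover` attribute, the escaped one yields a single `href` whose value is the whole encoded query.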