Do not return malformed parameters back to the user.
bummzack commented
Returning malformed parameters in error messages opens a door for XSS attacks.
If the "model" or "ID" parameter contains malicious code and a developer displays error messages in his application, there's the potential for an XSS attack.
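The behaviour the issue describes next to one way to avoid it, as an added example that is not part of the original issue or the project's code. All function names, the allowlist formats for "model" and "ID", and the sample input are assumptions made for illustration.

```javascript
// Added example: every name and format below is hypothetical.

// Assumed allowlist shapes for the two parameters named in the issue.
const MODEL_RE = /^[A-Za-z][A-Za-z0-9_]{0,63}$/;
const ID_RE = /^[0-9]{1,15}$/;

// Before: the raw parameter is copied into the message. If the application
// renders this message as HTML, markup inside `model` becomes part of the page.
function errorReflecting(model) {
  return "Model '" + model + "' does not exist";
}

// HTML-escape for any value that does end up in a rendered message.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// After: validate against the allowlist; a malformed value is never echoed,
// the message only names which parameter was rejected.
function validateRequest(params) {
  const model = String(params.model ?? "");
  const id = String(params.ID ?? "");
  if (!MODEL_RE.test(model)) {
    return { ok: false, status: 400, message: "Invalid 'model' parameter" };
  }
  if (!ID_RE.test(id)) {
    return { ok: false, status: 400, message: "Invalid 'ID' parameter" };
  }
  return { ok: true, model, id: Number(id) };
}

// A well-formed but unknown model may be named because it matched MODEL_RE;
// it is escaped anyway so the message stays safe if the allowlist is loosened.
function notFoundMessage(model, id) {
  return "No " + escapeHtml(model) + " record with ID " + Number(id);
}

// Constructed sample input, not taken from the issue.
const SAMPLE = { model: "<script>alert(1)</script>", ID: "7" };
```
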