colymba/silverstripe-restfulapi

Do not return malformed parameters back to the user.

Returning malformed parameters in error messages opens a door for XSS attacks.
If the "model" or "ID" parameter contains malicious code and a developer displays error messages in his application, there's the potential for an XSS attack.
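
One way to build the error response without reflecting the request value, shown as an added example that is not part of the original issue and not code from silverstripe-restfulapi. The function names, the model allowlist and the sample value are hypothetical and constructed for illustration.

```php
<?php
// Added illustration; not code from silverstripe-restfulapi.
// Function names and the allowlist below are hypothetical.

const ALLOWED_MODELS = ['Book', 'Author'];

// Pattern the issue warns about: the raw parameter is copied into the message.
function errorEchoingInput(string $model): array
{
    return ['code' => 400, 'message' => "Model '$model' not found."];
}

// Hardened form: check "model" against an allowlist and "ID" against a strict
// format, and describe the problem without repeating the submitted value.
function validateRequest(string $model, string $id): ?array
{
    if (!in_array($model, ALLOWED_MODELS, true)) {
        return ['code' => 400, 'message' => 'Unknown model.', 'field' => 'model'];
    }
    // An empty ID is allowed here on the assumption that it means "list all".
    if ($id !== '' && !preg_match('/^[0-9]{1,10}$/D', $id)) {
        return ['code' => 400, 'message' => 'ID must be numeric.', 'field' => 'ID'];
    }
    return null; // parameters are well-formed
}

function encodeJson(array $payload): string
{
    // The JSON_HEX_* flags escape <, >, &, ' and " in the serialized body.
    return json_encode($payload, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}

// Constructed sample input: a "model" value carrying markup.
$model = 'Book<img src=x>';
$id = '12';

// After JSON decoding, this message still contains the submitted markup.
echo encodeJson(errorEchoingInput($model)), PHP_EOL;

// This message is fixed text; nothing from the request is in it.
echo encodeJson(validateRequest($model, $id)), PHP_EOL;

// Consumer side: if the value must be displayed, encode it for the HTML context.
echo htmlspecialchars($model, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), PHP_EOL;
```

The `field` key tells the client which parameter was rejected, so the message stays useful without carrying the rejected value.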