XSS issue for user generated content
jeberly opened this issue · 2 comments
First off, thanks for making this toolkit, it is a breath of fresh air. The description of project scope immediately appealed to me. I wish the project well.
Related to #8. Any type of user generated data can contain XSS vulnerabilities. Using a sample from https://cheatsheetseries.owasp.org/cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.html: `<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>`
I think you should put a warning at minimum on the docs/readme until all known XSS issues are resolved. Thanks again for the project and its inspiring scope.
Yeah, this is a bug that needs to get fixed. It's actually a regression from a previous private version. But definitely on the short list of things to get fixed.
This should be fixed now in Alpha 2.
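An added example, not part of the thread and not the project's code (the Alpha 2 fix is not shown on this page): output encoding applied to the payload quoted in the issue, with the unsafe concatenation beside an auto-escaping template. The names `escapeHtml`, `html`, `renderCommentUnsafe` and `renderComment` and the sample comment object are assumptions made for illustration.

```javascript
// Added example: output encoding for user-generated content.
// All function names here are hypothetical, not the toolkit's API.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode the five characters that can change HTML parsing state in
// element content and in quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Tagged template: the literal parts are markup written by the developer,
// every interpolated value is treated as untrusted and escaped.
function html(strings, ...values) {
  return strings.reduce(
    (out, part, i) => out + part + (i < values.length ? escapeHtml(values[i]) : ""),
    ""
  );
}

// Vulnerable pattern: user text concatenated straight into markup,
// so the browser parses it as an element with an event handler.
function renderCommentUnsafe(comment) {
  return '<li class="comment">' + comment.body + "</li>";
}

// Hardened pattern: the same markup, with user text passed through the escaper
// in both the attribute value and the element content.
function renderComment(comment) {
  return html`<li class="comment" title="${comment.author}">${comment.body}</li>`;
}

// Constructed sample input; the body is the payload quoted in the issue.
const sample = {
  author: 'a "quoted" name',
  body: '<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>',
};

console.log(renderCommentUnsafe(sample)); // payload survives as live markup
console.log(renderComment(sample));       // payload is rendered as inert text
```

This escaper covers element content and quoted attribute values only; user data placed in URLs, inline scripts or style contexts needs encoding specific to that context.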