Reflected XSS in the default Exception view

Question

Closed this issue 4 years ago · 1 comments

A specially crafted URL can offer successful XSS exploitation.

Answer 1 · 2021-03-10T17:23:30.000Z

A good belt+suspenders approach is having a ->where('preg_match'=>'a-zA-Z0-9') on all routes parameters in addition to this fix.