XSS vulnerability when using AJAX.
Mamsaac opened this issue · 1 comment
Mamsaac commented
When I implemented datatables with AJAX for my own library I had this pitfall before tests, so I decided to check if the library had the issue, and after a quick test, it does.
To try it:
- Open the example project.
- Open the Django shell (`python manage.py shell`).
- Add the following:

```python
from app.models import *
# Keep a reference to the saved organization; the Person row below needs it.
myorg = Organization(name="<script>alert(1)</script>")
myorg.save()
Person(name="<script>alert(1)</script>", organization=myorg).save()
```

- Run the development server (`python manage.py runserver`).
- Select to load any of the two AJAX-based tables.
You will find it gives you an alert(1) JavaScript popup.
Non-ajax tables load their columns escaped.
I was too lazy to validate where in your code you stop using escape() when rendering the column.
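The root cause described above is that the AJAX path serializes cell values straight into the JSON payload while the template path runs them through Django's `escape()`. The following is an added illustration, not code from this issue or from the library: it contrasts a serializer with that pitfall against one that HTML-escapes every cell before it reaches the client. It uses the standard library's `html.escape` so it runs without Django; in a real view the equivalent call is `django.utils.html.escape`. The rows, column names and function names are constructed for the example.

```python
import html
import json

# Constructed sample rows, standing in for model instances pulled from a queryset.
# The second row carries the same stored payload the issue reproduces.
SAMPLE_ROWS = [
    {"name": "Acme Ltd", "organization": "Acme Ltd"},
    {"name": "<script>alert(1)</script>", "organization": "Acme Ltd"},
]

COLUMNS = ("name", "organization")


def render_ajax_rows_unescaped(rows, columns=COLUMNS):
    """The pitfall: cell values are copied verbatim into the DataTables JSON.
    DataTables writes them into the table as HTML, so a stored <script> executes."""
    return {"data": [[row[col] for col in columns] for row in rows]}


def render_ajax_rows_escaped(rows, columns=COLUMNS):
    """The fix: escape each cell, mirroring what the non-AJAX template path already
    does. Assumption: no column intentionally carries markup (e.g. link columns);
    those would need a dedicated, explicitly marked-safe renderer instead."""
    return {"data": [[html.escape(str(row[col])) for col in columns] for row in rows]}


def payload_contains_raw_tag(payload):
    """Cheap regression check for a view test: does the serialized response still
    contain an unescaped opening tag?"""
    return "<script" in json.dumps(payload)


if __name__ == "__main__":
    print(json.dumps(render_ajax_rows_unescaped(SAMPLE_ROWS)))
    print(json.dumps(render_ajax_rows_escaped(SAMPLE_ROWS)))
```

`payload_contains_raw_tag` is the kind of assertion worth keeping in the library's test suite against every AJAX endpoint, since it catches exactly the regression this issue reports.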
shymonk commented
Great issue! Thanks a lot!