shymonk/django-datatable

XSS vulnerability when using AJAX.

Mamsaac opened this issue · 1 comments

When I implemented datatables with AJAX for my own library I had this pitfall before tests, so I decided to check if the library had the issue, and after a quick test, it does.

To try it:

  1. Open example project.
  2. Open django shell (python manage.py shell).
  3. Add the following (the organization must be saved first so it can be passed to Person):
     from app.models import *
     myorg = Organization(name="<script>alert(1)</script>")
     myorg.save()
     Person(name="<script>alert(1)</script>", organization=myorg).save()
  4. Run development server (python manage.py runserver)
  5. Select to load any of the two AJAX-based tables.

You will find it gives you an alert(1) JavaScript popup.

Non-ajax tables load their columns escaped.

I was too lazy to validate where in your code you stop using escape() when rendering the column.
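The pitfall the report describes, as an added illustration that is not django-datatable's own code: a minimal server-side serializer for a DataTables AJAX response in the vulnerable form (field values copied verbatim into the JSON that the client drops into table cells as HTML) next to the escaped form. It uses the standard-library `html.escape` as a stand-in for `django.utils.html.escape` so it runs without Django; the row data is constructed inline and mirrors the payload from the repro steps. The function and variable names are assumptions for this example.

```python
import html
import json

# Constructed sample rows standing in for the example project's
# Organization/Person records, with the payload from the issue stored in
# the name field plus one ordinary value containing '&' and markup.
SAMPLE_ROWS = [
    {"id": 1, "name": "<script>alert(1)</script>"},
    {"id": 2, "name": "Acme & Co <b>bold</b>"},
]
COLUMNS = ["id", "name"]


def render_ajax_rows_unsafe(rows, columns):
    """Vulnerable pattern (hypothetical name): cell values are serialized
    exactly as stored. DataTables writes each string into the cell via
    innerHTML, so a stored <script> tag runs in the viewer's browser."""
    data = [[str(row[col]) for col in columns] for row in rows]
    return json.dumps({"data": data})


def render_ajax_rows_safe(rows, columns):
    """Hardened form: every cell is HTML-escaped before it leaves the server,
    giving the AJAX path the same protection the non-AJAX template path
    already gets from Django's autoescaping. quote=True also escapes quotes
    so a value cannot break out of an attribute in a custom renderer."""
    data = [[html.escape(str(row[col]), quote=True) for col in columns]
            for row in rows]
    return json.dumps({"data": data})


def decode_cells(payload_json):
    """Parse the response the way the client does: a list of row lists."""
    return json.loads(payload_json)["data"]


def find_unescaped_cells(payload_json):
    """Check helper: (row, column) positions whose cell still carries raw
    angle brackets, i.e. markup that would be interpreted on insertion."""
    hits = []
    for r, row in enumerate(decode_cells(payload_json)):
        for c, value in enumerate(row):
            if "<" in value or ">" in value:
                hits.append((r, c))
    return hits


if __name__ == "__main__":
    print("unsafe:", find_unescaped_cells(render_ajax_rows_unsafe(SAMPLE_ROWS, COLUMNS)))
    print("safe:  ", find_unescaped_cells(render_ajax_rows_safe(SAMPLE_ROWS, COLUMNS)))
```

Escaping on the server is the simplest fix because the JSON is consumed by code that treats each cell as HTML; the alternative is a client-side `columns.render` callback that escapes before insertion, but then every table definition has to remember to do it. `find_unescaped_cells` is the kind of check a test can run over any AJAX endpoint's output to catch the regression the report describes.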

Great issue! Thanks a lot!