Atom command doesn't sanitize input

Question

Atom command doesn't sanitize input

Opened this issue 6 years ago · 2 comments

The atom command in cogs/server.py doesn't do anything to make sure that 'element' doesn't have slashes or dots in it, so someone could potentially get it to request other pages on the Chemical Elements site. Not a big deal, but a simple regex could probably fix it.

Answer 1 · 2018-04-19T15:25:56.000Z

It just throws a 404 at the moment but I'll get round to showing specific 'invalid char' error msg when I can.

Answer 2 · 2018-05-05T17:20:55.000Z

So, that specific issue was fixed but now it just 404s every time a correct element is sent.