Check security of Jekyll jsonify
SteveALee commented
XSS attacks are potentially possible given that some data in text fields is user entered, so untrusted.
e.g. with text </script><script>alert('mwahaha!!')</script>
As a minimum, should escape all the unsanitised input text in the Liquid templates, e.g. in HTML using escape or escape_once:
Could also sanitise the input before adding to the JSON file.
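The two mitigations the issue proposes, shown side by side as an added example (this is not the issue's or Jekyll's own code): HTML-escaping text that lands in markup, and escaping the JSON itself before it is inlined in a script block. The sample text is constructed, and the escape / escape_once helpers are reimplementations assumed to match the Liquid filters' behaviour rather than Liquid's own code.

```ruby
require 'json'
require 'cgi'

# Constructed sample: an untrusted text field of the kind the issue describes.
PAYLOAD = "</script><script>alert('mwahaha!!')</script>"

# Assumed equivalent of Liquid's `escape` filter: turn & < > " ' into entities
# so the text is inert inside HTML markup (CGI.escapeHTML, not Liquid's code).
def html_escape(text)
  CGI.escapeHTML(text.to_s)
end

# Assumed equivalent of Liquid's `escape_once`: same, but leave entities that
# are already present (e.g. &amp;) alone so content is not double-escaped.
def html_escape_once(text)
  map = { '&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#39;' }
  text.to_s.gsub(/["><']|&(?!([a-zA-Z]+|#\d+);)/) { |c| map[c] }
end

# JSON that is safe to inline inside a <script> block. JSON.generate leaves the
# characters of "</script>" untouched, so the string can close the tag early;
# encoding < > & as \uXXXX keeps the document valid JSON (it parses back to the
# original values) while making it impossible to break out of the script tag.
def json_for_script(data)
  JSON.generate(data).gsub(/[<>&]/) { |c| format('\\u%04x', c.ord) }
end

def demo
  data = { 'title' => PAYLOAD }
  {
    raw_json: JSON.generate(data),       # still contains "</script>" verbatim
    safe_json: json_for_script(data),    # "<" is now \u003c, "&" is \u0026
    escaped_html: html_escape(PAYLOAD),  # "&lt;/script&gt;..." for HTML text
    round_trip: JSON.parse(json_for_script(data)) == data
  }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```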