Cross site scripting via Markdown #21
-
|
It's possible to add arbitrary javascript to the contents of the files. Not sure how to prevent it with PHP, could refer to http://blog.astrumfutura.com/2013/04/20-point-list-for-preventing-cross-site-scripting-in-php/. You should look how to sanitize/escape your data with PHP |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
Security should be a first class citizen, that's why we added a safe mode. Thanks again @Busata for reporting the bug, let me know if it comes back. |
Beta Was this translation helpful? Give feedback.
-
|
The safe mode has been replaced by HTML whitelist, see also #354. |
Beta Was this translation helpful? Give feedback.
Security should be a first class citizen, that's why we added a safe mode.
Thanks again @Busata for reporting the bug, let me know if it comes back.