Replies: 4 comments 5 replies
-
|
It is regularly tested by external as I receive possible CVEs details. But please provide me what your security team shared with you. |
Beta Was this translation helpful? Give feedback.
-
|
Hello, Is it possible to add xss filtering (e.g. xss_clean) for fields that are displayed to other users (username, email address, item name, etc) |
Beta Was this translation helpful? Give feedback.
-
|
All fields are already sanitized using Elegantweb/sanitize library which relies on PHP htmlspecialchars() function. |
Beta Was this translation helpful? Give feedback.
-
|
Hello, Thank you for your answer. Maybe I need to enable something, install some server-side extension? |
Beta Was this translation helpful? Give feedback.
-
|
I'm bumping and confirm issue with this topic. In the text field where the user can change the name/surname, is still an error that allows the execution of the XSS script (confirming what rbartczak wrote). |
Beta Was this translation helpful? Give feedback.
-
|
Hello, Thank you very much for implementing DOMPurify, great job! Is it possible to include the Label/Login field when creating a new item? |
Beta Was this translation helpful? Give feedback.
-
|
Same request in folder name/label. |
Beta Was this translation helpful? Give feedback.
-
|
@rbartczak
|
Beta Was this translation helpful? Give feedback.
-
|
Please retest in 3.0.7 and close if fixed |
Beta Was this translation helpful? Give feedback.
-
We have received information from our security team about an XSS vulnerability (e.g. session stealing).
I can see in the code that there is information about XSS security.
Have you tested xss vulnerabilities?
Beta Was this translation helpful? Give feedback.
All reactions