XSS #95

Open
axvm opened this issue Jun 4, 2021 · 1 comment
Labels
bug Something isn't working help wanted Extra attention is needed

axvm commented Jun 4, 2021

Describe the bug

XSS in the "filter" field on the main page

How to reproduce

https://rubyjobs.dev/?query=%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E

Expected behavior

All HTML junk is stripped from the user's input

Actual behavior

The input breaks the form and fires as part of the code embedded in the page (XSS)

Additional context

Come on, this is a fundamental thing...

@davydovanton davydovanton added the bug Something isn't working label Jun 23, 2021
@davydovanton
Owner

Oh, thanks, I missed that

@davydovanton davydovanton added the help wanted Extra attention is needed label Jun 23, 2021
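
The failure reported in this issue next to an output-encoding fix, as an added example that is not code from the project's repository. The form markup and all helper names are assumptions (the issue does not show the template), and the fix shown escapes the value when it is written into the attribute rather than stripping HTML from it.

```ruby
require "cgi"
require "uri"

# Constructed sample: the query string from the reproduction URL in this issue.
SAMPLE_QUERY_STRING = "query=%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E"

# Decode the "query" parameter the way a web framework does before the view sees it.
def query_param(query_string)
  URI.decode_www_form(query_string).to_h["query"]
end

# Hypothetical filter form. The value is interpolated as-is, so a double quote
# in the input closes the value attribute and the rest is parsed as markup.
def render_filter_unsafe(query)
  %(<form method="get"><input type="text" name="query" value="#{query}"></form>)
end

# Same form with the value HTML-escaped for the attribute context.
# CGI.escapeHTML encodes & < > " and ', so the input stays inside value="...".
def render_filter_escaped(query)
  safe = CGI.escapeHTML(query.to_s)
  %(<form method="get"><input type="text" name="query" value="#{safe}"></form>)
end

# Regression check for a view spec: true when input containing HTML
# metacharacters appears in the rendered page without being encoded.
def reflected_raw?(html, input)
  input.match?(/[<>"'&]/) && html.include?(input)
end

# What the browser shows in the field after it decodes the attribute value.
def displayed_value(html)
  CGI.unescapeHTML(html[/value="([^"]*)"/, 1])
end

if $PROGRAM_NAME == __FILE__
  input = query_param(SAMPLE_QUERY_STRING)
  puts "unsafe : #{render_filter_unsafe(input)}"
  puts "escaped: #{render_filter_escaped(input)}"
  puts "raw reflection (unsafe) : #{reflected_raw?(render_filter_unsafe(input), input)}"
  puts "raw reflection (escaped): #{reflected_raw?(render_filter_escaped(input), input)}"
end
```

Escaping on output keeps legitimate filter text such as `C++ & "remote"` intact in the field, which stripping markup from the input would not guarantee.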