Issue 23: XSS Vulnerability
Enano presents an XSS vulnerability when posts are edited in the HTML scope. To fix this bug, TinyMCE recommends implementing an HTML purifier. Another option would be to clean the user input by using the replace function in JavaScript as follows: String.replace("javascript:", ""); String.replace("script:", ""); This will replace attempted script tags with a whitespace.
Jun 2, 2011
#1
dan%enan...@gtempaccount.com
Status:
Done
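The substring replacement suggested in the report next to the scheme allowlist an HTML purifier applies to URL attributes, as an added example that is not part of the original issue or of Enano's code. Function names and sample inputs are constructed, and `isSafeUrl` assumes it receives attribute values already decoded by an HTML parser.

```javascript
// Added example; names and sample inputs are constructed for illustration.

// The filter as proposed in the report: remove each literal substring.
// With a string pattern, replace() is case-sensitive and only touches
// the first occurrence.
function replaceFilter(input) {
  return input.replace("javascript:", "").replace("script:", "");
}

// Allowlist check for URL-bearing attributes (href, src): accept relative
// URLs and a short list of schemes, reject every other scheme.
// Assumption: `value` is the attribute value after HTML entity decoding.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);

function isSafeUrl(value) {
  // Browsers ignore whitespace and control characters around and inside
  // the scheme, so drop them before looking for one.
  const cleaned = value.replace(/[\u0000-\u0020\u007f]+/g, "");
  const match = /^([a-z][a-z0-9+.\-]*:)/i.exec(cleaned);
  if (!match) return true; // no scheme: relative URL
  return ALLOWED_SCHEMES.has(match[1].toLowerCase());
}

// Constructed samples: what each approach does with the same values.
const samples = [
  "JavaScript:alert(1)",           // mixed case: untouched by replaceFilter
  "See the manuscript: chapter 2", // ordinary text: damaged by replaceFilter
  "https://example.org/page",
  "docs/page.html",
];

for (const s of samples) {
  console.log(JSON.stringify(s),
    "-> replaceFilter:", JSON.stringify(replaceFilter(s)),
    "| isSafeUrl:", isSafeUrl(s));
}
```

The allowlist belongs on the server side of the save path, applied to every URL attribute the parser yields, so the decision does not depend on enumerating unwanted strings.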