Jmol-SwingJS

Fix xss issue in php error output

Open jason-platts opened this issue 4 years ago • 0 comments

This PHP change sanitises error message output to prevent Reflected Cross-Site Scripting using htmlspecialchars(), e.g. php/jsmol.php?call=getInfoFromDatabase&database=<svg/onload=alert(document.cookie)> will output an error which executes the JavaScript.

jason-platts, Aug 09 '21 15:08
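The kind of change the issue describes, as an added example that is not part of the original issue and is not the code of jsmol.php: an error message built from a request parameter, first unescaped and then passed through htmlspecialchars(). The function names and the error wording are hypothetical; the sample value is the one from the issue's example URL.

```php
<?php
// Added illustration; function names and message text are hypothetical,
// not taken from jsmol.php.

// Before: the parameter is copied into the error text as-is, so any markup
// in ?database=... reaches the browser and is parsed as HTML.
function error_message_unescaped(string $database): string
{
    return "Error: unknown database '" . $database . "'";
}

// After: encode at the point of output.
// ENT_QUOTES encodes both quote styles, so the value is also safe inside an
// attribute. ENT_SUBSTITUTE replaces invalid UTF-8 with U+FFFD instead of
// returning an empty string. Both are passed explicitly because the default
// flags before PHP 8.1 were ENT_COMPAT | ENT_HTML401.
function error_message_escaped(string $database): string
{
    $safe = htmlspecialchars($database, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "Error: unknown database '" . $safe . "'";
}

// Sample inputs: the value from the issue's URL, a value with quotes and an
// ampersand, and a constructed invalid UTF-8 sequence.
$samples = [
    '<svg/onload=alert(document.cookie)>',
    'a"b\'c&d',
    "bad\xC3\x28bytes",
];

foreach ($samples as $database) {
    $before = error_message_unescaped($database);
    $after  = error_message_escaped($database);

    // Only the part that came from the request is checked: after encoding it
    // must contain no character that can open a tag or close an attribute.
    $encoded = substr($after, strlen("Error: unknown database '"), -1);
    if (strpbrk($encoded, '<>"\'') !== false) {
        throw new RuntimeException('unescaped markup character in output');
    }

    echo 'before: ', $before, PHP_EOL;
    echo 'after:  ', $after, PHP_EOL, PHP_EOL;
}
```

Run with the PHP CLI; for the first sample the escaped line contains `&lt;svg/onload=alert(document.cookie)&gt;`, which a browser displays as text instead of parsing as an element.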