DNN.Blog

Comments are not HTML encoded

Open AugustKarlstedt opened this issue 9 years ago • 0 comments

This leaves the commenting system open to XSS attacks and HTML injection.

Before saving a comment to the database, it should be encoded.

AugustKarlstedt, Oct 06 '16 20:10
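
One way to apply the encoding the issue asks for, as an added C# example that is not DNN.Blog's own code: `CommentStore` and its methods are hypothetical, and `WebUtility.HtmlEncode` from `System.Net` stands in for whichever encoder the module would use. It encodes on save and decodes for the edit form, so a comment that is saved again is not encoded twice.

```csharp
using System;
using System.Collections.Generic;
using System.Net;

// Hypothetical in-memory stand-in for the comment table; not DNN.Blog code.
public sealed class CommentStore
{
    private readonly Dictionary<int, string> _rows = new Dictionary<int, string>();
    private int _nextId = 1;

    // Encode once, at the point of saving, as the issue proposes.
    public int Save(string rawComment)
    {
        int id = _nextId++;
        _rows[id] = WebUtility.HtmlEncode(rawComment ?? string.Empty);
        return id;
    }

    // The stored value is already encoded, so it is written into the page as-is.
    public string RenderHtml(int id) => "<p class=\"comment\">" + _rows[id] + "</p>";

    // For an edit form, decode first so that saving again does not double-encode.
    public string LoadForEdit(int id) => WebUtility.HtmlDecode(_rows[id]);

    public void Update(int id, string rawComment) =>
        _rows[id] = WebUtility.HtmlEncode(rawComment ?? string.Empty);
}

public static class Program
{
    public static void Main()
    {
        var store = new CommentStore();
        // Constructed sample comment containing markup and special characters.
        string submitted = "Nice post <script>alert(1)</script> & \"thanks\"";

        int id = store.Save(submitted);
        Console.WriteLine(store.RenderHtml(id));   // markup appears as text entities

        // Edit round trip: decode, change, save again.
        string editable = store.LoadForEdit(id);
        store.Update(id, editable + " (edited)");
        Console.WriteLine(store.RenderHtml(id));   // still encoded exactly once
    }
}
```

Every code path that reads the stored value has to know it is already HTML-encoded; a consumer that encodes again, or that decodes before writing to the page, undoes the protection.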