nuts icon indicating copy to clipboard operation
nuts copied to clipboard

Published 20 hours ago verified publisher icon GitbookIO

Add escaping for bad platform string.

Open flohdot opened this issue 8 years ago • 2 comments

Mitigates XSS on bad download URLs such as https://YOUR.NUTS.URL/download/version/2.0.0/%3Cimg%20src=x%20onerror=alert(1)%3E and https://YOUR.NUTS.URL/download/channel/alpha/%3Cimg%20src=x%20onerror=alert(1)%3E

I don't see anywhere I could just insert a test for this in the existing suite.

flohdot avatar Apr 04 '17 14:04 flohdot

Thanks!

wallymathieu avatar Dec 11 '17 12:12 wallymathieu

Hi, I merged the project to a new repo to start maintain it, I would be glad if you can put your pull request here : https://github.com/loprima-l/nuts-2

loprima-l avatar Apr 08 '23 22:04 loprima-l