jsErrLog

(docs) The php example for response is not xss safe

Open alexlehm opened this issue 10 years ago • 0 comments

The PHP example on the docs page uses a pattern that is not XSS safe. While this may not be directly exploitable if the report script is setting the correct content-type, it is still good practice to provide safe examples (it might be exploitable if the content-type is text/html).

jsErrLog.removeScript(<?=$_GET['i']?>);

At least requires a regex check to avoid XSS:

<?php
// Only a plain integer may reach the JavaScript call; anything else falls back to 0.
$i = isset($_GET['i']) ? $_GET['i'] : '';
// preg_match() returns 1 on match and 0 on no match (FALSE only on error),
// so test with ! rather than === FALSE.
if (!preg_match('/^[0-9]+$/', $i)) {
  $i = 0;
}
?>
jsErrLog.removeScript(<?=$i?>);

(I hope I got the script correct, typed this from memory)

alexlehm Mar 17 '14 22:03
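The same validation, written as an added example that is not part of the issue or of the jsErrLog project: the id is reduced to a plain integer before it is placed in the `removeScript` call, and the response is declared as script rather than HTML, which is the content-type point the issue raises. The function names, the header choices and the sample inputs are this example's own assumptions.

```php
<?php
// Added example (not jsErrLog's code): validate the id the report endpoint echoes
// back into JavaScript, and never let the response be interpreted as HTML.

/**
 * Return the id as an int if it is a plain decimal number, otherwise 0.
 * Non-digit input (quotes, parentheses, tags, ...) is rejected outright rather
 * than escaped, so only digits can ever reach the JavaScript literal.
 * The is_string() check covers ?i[]=x, which PHP delivers as an array.
 */
function safeScriptId($raw)
{
    if (!is_string($raw) || !preg_match('/^[0-9]+$/', $raw)) {
        return 0;
    }
    return (int) $raw;
}

/** Build the JavaScript body for a (possibly hostile) raw id. */
function removeScriptResponse($raw)
{
    return 'jsErrLog.removeScript(' . safeScriptId($raw) . ');';
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs: one legitimate id and several values that must be rejected.
    $samples = array('42', '0', '', '4 2', '1); foo()', '1</script>', array('x'));
    foreach ($samples as $s) {
        printf("%-16s -> %s\n", json_encode($s), removeScriptResponse($s));
    }
} else {
    // Serving a real request: the body is script, and browsers must not sniff it as HTML.
    header('Content-Type: application/javascript; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
    echo removeScriptResponse(isset($_GET['i']) ? $_GET['i'] : '');
}
```

Run it from the command line to see every non-numeric sample collapse to `removeScript(0)`; only `"42"` survives unchanged.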