
Default pages like role are accepting malicious content, causing a security issue.

Open Keertesh opened this issue 1 year ago • 1 comment

Is there an existing issue for this?

  • [X] I have searched the existing issues

Description

image

Reproduction Steps

Go to admin, add a role, add a script tag and write content.

Expected behavior

It should block the tags.

Actual behavior

It should not accept HTML/JavaScript tags.

Regression?

No response

Known Workarounds

No response

Version

7.3.1

User Interface

Common (Default)

Database Provider

EF Core (Default)

Tiered or separate authentication server

None (Default)

Operation System

Windows (Default)

Other information

No response

Keertesh avatar Feb 08 '24 09:02 Keertesh

We protected this in the UI, but did not restrict the content.

https://learn.microsoft.com/en-us/aspnet/core/security/cross-site-scripting?view=aspnetcore-8.0

maliming avatar Feb 09 '24 01:02 maliming
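
The distinction drawn in the reply above (the value is stored unchanged and made safe where it is displayed), as an added C# example that is not ABP's code. It assumes the UI protection is output encoding as covered in the linked Microsoft document; the class names, method names and sample role name are hypothetical.

```csharp
using System;
using System.Text.Encodings.Web;

// Added illustration, not ABP code. All names here are hypothetical.
static class RoleRendering
{
    // Unsafe baseline: the stored value is concatenated into markup as-is.
    public static string RenderCellRaw(string roleName) =>
        $"<td>{roleName}</td>";

    // HTML body context: encode at output time, the stored value is untouched.
    public static string RenderCell(string roleName) =>
        $"<td>{HtmlEncoder.Default.Encode(roleName)}</td>";

    // HTML attribute context: same encoder, and the attribute must be quoted.
    public static string RenderInput(string roleName) =>
        $"<input name=\"Role.Name\" value=\"{HtmlEncoder.Default.Encode(roleName)}\" />";

    // JavaScript string context: HTML encoding is the wrong tool here,
    // so a JavaScript encoder is used for the string literal.
    public static string RenderScriptVar(string roleName) =>
        $"<script>var roleName = \"{JavaScriptEncoder.Default.Encode(roleName)}\";</script>";
}

static class Program
{
    static void Main()
    {
        // Constructed sample input: a role name as saved by the role form.
        string stored = "<script>alert('role')</script>";

        string[] outputs =
        {
            RoleRendering.RenderCellRaw(stored),
            RoleRendering.RenderCell(stored),
            RoleRendering.RenderInput(stored),
            RoleRendering.RenderScriptVar(stored),
        };

        foreach (string html in outputs)
        {
            // If the stored text survives verbatim, the browser parses it as markup.
            bool verbatim = html.Contains(stored, StringComparison.Ordinal);
            Console.WriteLine($"{(verbatim ? "UNENCODED" : "encoded  ")}  {html}");
        }
    }
}
```

Only the first line is reported as unencoded. The database still holds the original string, so any other consumer of the role name (an API client, an export, an e-mail template) has to encode for its own output context.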