silverstripe-restfulapi

Do not return malformed parameters back to the user.

Open bummzack opened this issue 8 years ago • 0 comments

Returning malformed parameters in error messages opens a door for XSS attacks. If the "model" or "ID" parameter contains malicious code and a developer displays error messages in his application, there's the potential for an XSS attack.

bummzack, Sep 18 '15 14:09
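The pattern the issue describes, shown beside one way to avoid it, as an added example that is not code from silverstripe-restfulapi or from the issue's author. The function names, the model allowlist and the sample request are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration: names and messages here are hypothetical,
// not part of silverstripe-restfulapi.

/** Before: the raw "model" value is reflected into the error message. */
function errorReflecting(string $model): array
{
    return ['code' => 400, 'message' => "Model '$model' not found"];
}

/**
 * After: check "model" against an allowlist and "ID" against a strict
 * digits-only rule, and report which parameter failed, never its value.
 * Returns null when both parameters are well-formed.
 */
function validateParams(array $params, array $allowedModels): ?array
{
    $model = $params['model'] ?? '';
    $id    = $params['ID'] ?? null;

    if (!is_string($model) || !in_array($model, $allowedModels, true)) {
        return ['code' => 400, 'message' => 'Unknown or malformed "model" parameter'];
    }
    if ($id !== null && (!is_string($id) || !ctype_digit($id))) {
        return ['code' => 400, 'message' => 'Malformed "ID" parameter'];
    }
    return null;
}

// Constructed sample request carrying markup in "model".
$params  = ['model' => '<script>alert(1)</script>', 'ID' => '12'];
$allowed = ['Book', 'Author']; // assumed set of exposed models

// The markup survives into the message; JSON encoding does not make it
// safe for a client that later writes the message into HTML.
echo json_encode(errorReflecting($params['model'])), PHP_EOL;

// The message names the parameter only, so there is nothing to inject.
echo json_encode(validateParams($params, $allowed)), PHP_EOL;
echo json_encode(validateParams(['model' => 'Book', 'ID' => '1;x'], $allowed)), PHP_EOL;
```

A client that renders API error messages should still HTML-encode them on output, since it cannot assume every endpoint follows the second pattern.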