elongstreet88 issues

Repositories
Issues
Comments

Results 3 issues of


                                            elongstreet88

Added support for parameter `latest_prefix`.

Allows "/latest" to be specified.

Fix header url param to not render html to resolve XSS

Fixes https://github.com/billchurch/webssh2/issues/345 `http://localhost:2222/ssh/host/mydevice.local?header=` Before: ![image](https://github.com/billchurch/webssh2/assets/2525601/ab3ad052-30c3-4fd9-93c4-3581cac57d6d) After: Note - This could be breaking if someone is using the header for HTML rendering, however, i would say this is still justified.

Cross Site Script (XSS) attack on at least the `header` url param

You can execute a xss using at least the header url param (didnt check others, but assume the same for anything page rendering). Ex: `http://localhost:2222/ssh/host/mydevice.local?header=` Output: The params would need...