
Check problems with XSS filtering

Open • flaix opened this issue 5 years ago • 1 comment

The XSS filter sometimes prevents legitimate actions. It seems like the XSS filter needs some rework. We need to check where and what it filters and make sure that it doesn't filter too much. We also need to check if it is still up to date and can prevent current attacks. A unit test based on OWASP should be added.

  • [x] #822
  • [x] #864
  • [ ] #1339

flaix, Nov 01 '20 15:11

#864 turned out not to be an XSS-related problem and #822 is not reproducible, so it seems already fixed. Moving this to milestone 1.10.1. I'll leave it open, since the XSS filtering may turn out to become a bigger topic.

flaix, Dec 07 '21 21:12