tileserver-gl icon indicating copy to clipboard operation
tileserver-gl copied to clipboard

Published 20 hours ago verified publisher icon maptiler

XSS vulnerability

Open andrevus opened this issue 3 years ago • 0 comments

Steps to reproduce

  1. Start tileserver-gl
  2. Open url http://localhost:8080/styles/basic-preview/?key=l5uof%27-alert(1)-%27t0shv#0.89/0/0

This issue is connected with #461. I think that this can be fixed used library eg. express-sanitizer, cause encodeURIComponent don't fix this problem.

andrevus avatar Mar 25 '21 13:03 andrevus