Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improper Input Validation #646

Open
dinukadesilva opened this issue Jun 20, 2020 · 1 comment
Open

Improper Input Validation #646

dinukadesilva opened this issue Jun 20, 2020 · 1 comment
Assignees
@dinukadesilva
Labels
VAPT
Milestone
SL CERT VAPT Repo...

Comments

@dinukadesilva
Copy link
Member

dinukadesilva commented Jun 20, 2020
edited
Loading

Length of the input filed also should be defined to avoid buffer overflow attacks.
@dinukadesilva dinukadesilva self-assigned this Jun 20, 2020
dinukadesilva added a commit to dinukadesilva/results-tabulation that referenced this issue Jun 23, 2020
@dinukadesilva
ECLKgh-646: Setting a max length of 100 to all the non numeric text f…
b8d8709 
…ields
dinukadesilva added a commit that referenced this issue Jun 23, 2020
@dinukadesilva
Merge pull request #651 from dinukadesilva/gh-646-setting-max-length-…
0aac671 
…for-non-numeric-text-fields

gh-646: Setting a max length of 100 to all the non numeric text fields
@dinukadesilva dinukadesilva reopened this Jul 12, 2020
@dinukadesilva
Copy link
Member Author

User input should be HTML-encoded at any point where it is copied into application responses. All HTML meta characters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).

@nshamit nshamit added this to the SL CERT VAPT Report Issues milestone Jul 14, 2020
dinukadesilva added a commit that referenced this issue Jul 22, 2020
@dinukadesilva
Merge pull request #727 from umayangag/html-encoding
4c17a29 
fix improper input value issue #646
@umayangag umayangag mentioned this issue Jul 22, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dinukadesilva dinukadesilva

Labels
VAPT
Projects
None yet
Milestone
SL CERT VAPT Report Issues
Development

No branches or pull requests
2 participants
@dinukadesilva @nshamit