You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have the following scenario which is somewhat related with this, but I haven't been able to fix it using the suggested solution: my application has an input field, it cleans it using the Purifier and then dumps the response.
When I receive the following input: <img src=x onerror=alert(1)>
and I purify it, it becomes: <img src=x>
Nevertheless, when I receive the following input: <img src=x onerror=alert(document.cookie)>
and I purify it, it becomes: <img src=x onerror=alert(document.cookie)>
I assume this is not expected behaviour, as the alert(document.cookie) is not sanitized. This is leading to XSSs in several parts of the application. What is the recommended way to clean this?
Thanks!
The text was updated successfully, but these errors were encountered:
I have the following scenario which is somewhat related with this, but I haven't been able to fix it using the suggested solution: my application has an input field, it cleans it using the Purifier and then dumps the response.
When I receive the following input:
<img src=x onerror=alert(1)>and I purify it, it becomes:
<img src=x>Nevertheless, when I receive the following input:
<img src=x onerror=alert(document.cookie)>and I purify it, it becomes:
<img src=x onerror=alert(document.cookie)>I assume this is not expected behaviour, as the alert(document.cookie) is not sanitized. This is leading to XSSs in several parts of the application. What is the recommended way to clean this?
Thanks!
The text was updated successfully, but these errors were encountered: