Skip to content

Web UI inputs evaluate HTML and JavaScript content (Cross-Site Scripting vulnerability) #425

Description

@iwittkau

Scripts or HTML content in request fields get evaluated.

Put something like this in a text field:

<script>alert('boom')</script>

and the script will be evaluated on focus changes.

HTML content like <h1>Test</h1> will be rendered in "Raw Request" tab.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions