-
-
Notifications
You must be signed in to change notification settings - Fork 28
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security: JS injection issue in petition page #183
Comments
fallen
changed the title
Secutiry: JS injection issue in petition page
Security: JS injection issue in petition page
Dec 14, 2019
fallen
added a commit
that referenced
this issue
Dec 20, 2019
fallen
added a commit
that referenced
this issue
Dec 21, 2019
It seems no longer possible to inject trivially JS. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
it is possible to inject JavaScript into the petition content in the petition page.
That could be used to steal the identification cookie for instance.
see : https://pytitiondemo.sionneau.net/petition/user/JeanMichelApathie/my-petition
The text was updated successfully, but these errors were encountered: