Sysmo DB
SYSMO-1432

Double check the use of html_safe and h() to check for potential XSS or overzealous escaping

    Details

    • Type: Inquiry
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.20
    • Labels:
      None

      Description

      Should also check the encoding in JSON.
      Need to check for things like <script> and also characters that are URL-incompatible in names, like '.
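The following is an added example, not code from the SEEK/Sysmo DB code base, that exercises each of the checks the ticket asks for with only the Ruby standard library (ERB::Util.h is the h() helper Rails views use; .html_safe itself is an ActiveSupport method and is only described in comments here). The helper names, the module name and the two sample names are made up for the example.

```ruby
require "erb"
require "json"

# Helpers modelled on a Rails view layer but using only the standard library,
# so the file runs outside the application. Names and sample inputs are
# constructed for this example.
module XssCheck
  module_function

  UNTRUSTED = "<script>alert(1)</script>"   # constructed attacker-controlled name
  AWKWARD   = "O'Brien & Co"                # constructed legitimate name with ' and &

  # BUG: interpolating an untrusted string into markup that is then treated as
  # trusted (in Rails, by calling .html_safe on the result) renders the payload.
  def render_name_unsafe(name)
    %(<span class="name">#{name}</span>)
  end

  # Fixed: escape the untrusted part with h(); only the literal markup is trusted.
  def render_name(name)
    %(<span class="name">#{ERB::Util.h(name)}</span>)
  end

  # Overzealous escaping: h() applied to an already escaped string mangles
  # legitimate names ("O'Brien" becomes "O&amp;#39;Brien"). Rails skips the
  # second pass only when the first result was marked html_safe.
  def escape_twice(name)
    ERB::Util.h(ERB::Util.h(name))
  end

  # JSON.generate leaves "</" alone, so a value containing "</script>" that is
  # embedded in an inline <script> block closes the tag early.
  def json_unsafe(value)
    JSON.generate(value)
  end

  # Fixed: re-encode <, >, & and the JavaScript line terminators as \uXXXX
  # escapes. The result is still valid JSON and is inert inside <script>.
  SCRIPT_ESCAPES = {
    "<" => "\\u003c", ">" => "\\u003e", "&" => "\\u0026",
    "\u2028" => "\\u2028", "\u2029" => "\\u2029",
  }.freeze

  def json_for_script_tag(value)
    JSON.generate(value).gsub(Regexp.union(SCRIPT_ESCAPES.keys), SCRIPT_ESCAPES)
  end

  # URL-incompatible characters in a name (', &, space) must be percent-encoded
  # before the name is placed in a query string.
  def link_for_name(name)
    "/people?name=#{ERB::Util.url_encode(name)}"
  end

  def demo
    puts render_name_unsafe(UNTRUSTED)
    puts render_name(UNTRUSTED)
    puts escape_twice(AWKWARD)
    puts json_unsafe("name" => "</script><script>alert(1)</script>")
    puts json_for_script_tag("name" => "</script><script>alert(1)</script>")
    puts link_for_name(AWKWARD)
  end
end

XssCheck.demo if $PROGRAM_NAME == __FILE__
```

The review itself is then mechanical: every call to html_safe must wrap a string that is either a literal or has already been passed through h() exactly once, every JSON blob written into a <script> element must go through the script-safe encoder, and every name that ends up in a path or query string must be url_encode'd rather than only HTML-escaped.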

        Activity

        There are no comments yet on this issue.

          People

          • Assignee:
            Quyen Nguyen
            Reporter:
            Stuart Owen
          • Votes:
            0
            Watchers:
            0
