Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

XSS issue while rendering link(website) #4015

Closed
ghost opened this issue Jun 3, 2015 · 2 comments
Closed

XSS issue while rendering link(website) #4015

ghost opened this issue Jun 3, 2015 · 2 comments

Comments

@ghost
Copy link

ghost commented Jun 3, 2015

No description provided.

@ghost ghost changed the title XSS issue while rendering link(website) . Jun 3, 2015
@ghost ghost changed the title . XSS issue while rendering link(website) Jun 3, 2015
@syranide
Copy link
Contributor

syranide commented Jun 3, 2015

The responsibility of sanitizing user data falls on you (or 3rd-party helpers). It's usually advisable to reject any non-absolute non-HTTP(S) URLs really. This applies to all properties that are interpreted in any way, so beware of styles (colors, sizes, etc) too.

@syranide
Copy link
Contributor

syranide commented Jun 3, 2015

#3473

@zpao zpao closed this as completed Jun 3, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@zpao @syranide