Uploaded image for project: 'AeroGear'
  1. AeroGear
  2. AEROGEAR-1066

Fix xss issue on TODO app

    XMLWordPrintable

Details

    • Task
    • Resolution: Obsolete
    • Major
    • 1.future
    • 1.0.0.CR1, 1.0.0
    • examples
    • None

    Description

      The todo app does not prevent xss.

      Adding the following description to a task will demonstrate the issue:

      <h1 onmouseover='alert(new Date())'>"Come on!"</h1>
<marquee><h2> dsssssd </h2></marquee>

      Thanks to the person that did this on the https://todo-aerogear.rhcloud.com/, for providing this example.

      Attachments

        Activity

          People

            Unassigned Unassigned
            dbeveniu Daniel Bevenius (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: