AeroGear / AEROGEAR-1066

Fix XSS issue on TODO app


    • Type: Task
    • Resolution: Obsolete
    • Priority: Major
    • 1.future
    • 1.0.0.CR1, 1.0.0
    • examples
    • None

      The TODO app does not prevent XSS.

      Adding the following description to a task will demonstrate the issue:

      <h1 onmouseover='alert(new Date())'>"Come on!"</h1>
      <marquee><h2> dsssssd </h2></marquee>
      

      Thanks to the person who did this on https://todo-aerogear.rhcloud.com/ for providing this example.

      Assignee: Unassigned
      Reporter: Daniel Bevenius (dbeveniu) (Inactive)
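The behaviour reported above, shown next to output encoding of the stored description. This is an added example, not code from the AeroGear TODO app: the render functions, the task object shape and `countStartTags` are hypothetical, and the only value taken from the issue is the payload.

```javascript
// Added example, not AeroGear code. Function names and the task shape are assumptions.

// Description text taken from the issue report.
const payload =
  `<h1 onmouseover='alert(new Date())'>"Come on!"</h1>\n` +
  `<marquee><h2> dsssssd </h2></marquee>`;

// Characters that can open a tag, end an attribute value or start an entity.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;",
  '"': "&quot;", "'": "&#39;", "`": "&#96;",
};

// Encode a stored value for use in HTML text or a quoted attribute value.
function escapeHtml(value) {
  return String(value ?? "").replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: stored fields are concatenated into markup unchanged,
// so markup in the description becomes part of the page.
function renderTaskUnsafe(task) {
  return `<li class="task"><span class="title">${task.title}</span>` +
         `<p>${task.description}</p></li>`;
}

// Hardened pattern: every stored field is encoded at the point of output,
// so the same description is displayed as literal text.
function renderTaskSafe(task) {
  return `<li class="task"><span class="title">${escapeHtml(task.title)}</span>` +
         `<p>${escapeHtml(task.description)}</p></li>`;
}

// Regression check helper: number of element start tags in the output.
// The template itself contributes exactly three (li, span, p).
function countStartTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

const task = { title: "demo", description: payload };
console.log("unsafe start tags:", countStartTags(renderTaskUnsafe(task)));
console.log("safe start tags:  ", countStartTags(renderTaskSafe(task)));
console.log(renderTaskSafe(task));
```

In a browser, assigning the description through `textContent` rather than `innerHTML` gives the same result without a hand-written encoder.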