XSS issue for user generated content

This issue has been tracked since 2022-11-21.

First off, thanks for making this toolkit, it is a breath of fresh air. The description of project scope immediately appealed to me. I wish the project well.

Related to #8. Any type of user-generated data can contain XSS vulnerabilities. Using a sample from https://cheatsheetseries.owasp.org/cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.html:

<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>

Which gives you:

I think you should put a warning at minimum on the docs/readme until all known XSS issues are resolved. Thanks again for the project and its inspiring scope.

justin-schroeder wrote this answer on 2022-11-21

Yeah, this is a bug that needs to get fixed. It's actually a regression from a previous private version. But definitely on the short list of things to get fixed.

justin-schroeder wrote this answer on 2022-11-22

This should be fixed now in Alpha 2.
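
The class of bug reported in this thread, shown as an added example: this is not arrow-js code and not the fix that shipped in Alpha 2. It is a minimal escaping tagged template, with hypothetical names (`html`, `SafeHtml`, `renderComments`, `unsafeRender`) and constructed sample comments, that renders the payload quoted in the issue as inert text.

```javascript
// Added illustration; all names here are hypothetical, not arrow-js APIs.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the characters that can break out of text or quoted-attribute context.
// This does not make values safe inside <script>, <style>, or URL attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Marker for markup the template itself produced, so nested templates
// are not escaped a second time.
class SafeHtml {
  constructor(markup) { this.markup = markup; }
  toString() { return this.markup; }
}

// Tagged template: the static strings are developer-authored and trusted;
// every interpolated value is escaped unless it is already SafeHtml.
function html(strings, ...values) {
  let out = strings[0];
  values.forEach((value, i) => {
    const items = Array.isArray(value) ? value : [value];
    out += items.map((v) => (v instanceof SafeHtml ? v.markup : escapeHtml(v))).join('');
    out += strings[i + 1];
  });
  return new SafeHtml(out);
}

// Vulnerable counterpart: user data concatenated straight into markup.
function unsafeRender(comment) {
  return '<li>' + comment + '</li>';
}

// Constructed sample input: one benign comment and the payload from the issue.
const PAYLOAD = '<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>';
const comments = ['nice toolkit', PAYLOAD];

function renderComments(list) {
  return html`<ul>${list.map((c) => html`<li>${c}</li>`)}</ul>`.toString();
}

console.log(unsafeRender(PAYLOAD));   // markup reaches the DOM as an element
console.log(renderComments(comments)); // payload is rendered as text
```

A regression test for this kind of bug can assert that no `<` from user input survives into the rendered string, as the checks on `renderComments` do.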

More Details About Repo
Owner Name justin-schroeder
Repo Name arrow-js
Full Name justin-schroeder/arrow-js
Language TypeScript
Created Date 2022-11-08
Updated Date 2023-03-28
Star Count 1240
Watcher Count 21
Fork Count 22
Issue Count 7
