Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fields using HTML should have some sort of XSS protection #3

Open
eriktm opened this issue Apr 3, 2021 · 0 comments
Open

Fields using HTML should have some sort of XSS protection #3

eriktm opened this issue Apr 3, 2021 · 0 comments
Labels
enhancement Enhancement to existing feature security This issue is related to security

Comments

@eriktm
Copy link
Member

eriktm commented Apr 3, 2021

Proposed Functionality

Fields that contains data should have some sort of XSS protection. This would usually be something that removes illegal tags and attributes.

Known fields that use HTML are the description and rules fields in Competition, with more to come.

Use Case

Improved protection against XSS attacks

Database Changes

None

External Dependencies

Possibly html-sanitizer
@eriktm eriktm added enhancement Enhancement to existing feature security This issue is related to security labels Apr 3, 2021
@eriktm eriktm added this to UNICORN Nov 26, 2021
@eriktm eriktm moved this to Todo in UNICORN Nov 26, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement Enhancement to existing feature security This issue is related to security
Projects
UNICORN
Status: 📋 Backlog
Milestone
No milestone
Development

No branches or pull requests
1 participant
@eriktm