Fixed xss in addOperation #1549

Merged
merged 6 commits into from
Feb 4, 2024

Conversation

brun0ne
Contributor

@brun0ne brun0ne commented Apr 6, 2023

Fixes #1468. Does not seem to break anything.

@brun0ne
Contributor Author

brun0ne commented Apr 7, 2023

I was not able to reproduce this failure by running testui on Chrome 112.0.5615.49 - I'm not sure why it happened

@brun0ne brun0ne marked this pull request as draft April 7, 2023 01:13
@brun0ne brun0ne closed this Apr 7, 2023
@brun0ne brun0ne deleted the fix-xss branch April 7, 2023 01:32
@brun0ne brun0ne restored the fix-xss branch April 7, 2023 12:49
different fix which does not break any tests
@brun0ne brun0ne reopened this Apr 7, 2023
@brun0ne brun0ne marked this pull request as ready for review April 7, 2023 12:59
@a3957273
Member

a3957273 commented Feb 4, 2024

Hey, this is a really nice solution to the XSS bug. Verifying it's a valid operation is a clean solution.

@a3957273 a3957273 merged commit 75c4e19 into gchq:master Feb 4, 2024
4 checks passed
@31453

31453 commented Apr 25, 2024

Hey! The XSS bug still exists:

https://gchq.github.io/CyberChef#recipe=%3Cimg_src%3dx_onerror%3d'confirm%601%60'/%3E('Space',false)Generate_all_hashes()&input=test

@brun0ne
Copy link
Contributor Author

brun0ne commented Apr 25, 2024

I don't see the check in the current version of the file, seems it got removed?
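
The approach discussed in this thread, checking that a requested name is a known operation before adding it, sketched as an added example that is not part of the thread and not CyberChef's code. `KNOWN_OPERATIONS`, `escapeHtml`, `addOperation`, `buildRecipe` and the markup are hypothetical; the sample name is decoded from the recipe URL posted above, assuming underscores stand for spaces as in `Generate_all_hashes`.

```javascript
// Added example, not CyberChef's code; all names here are hypothetical.

// Assumed allowlist; a real app would derive it from its operation registry.
const KNOWN_OPERATIONS = new Set(["Generate all hashes", "To Base64", "From Base64"]);

// Operation name from the recipe URL in the thread, decoded (constructed input).
const SAMPLE_NAME = decodeURIComponent("%3Cimg_src%3dx_onerror%3d'confirm%601%60'/%3E")
  .replace(/_/g, " ");

// Escape text for HTML element content or a quoted attribute value.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Returns list-item markup for a known operation, or null for anything else.
// Known names are escaped as well, so the output stays inert even if the
// allowlist check is later dropped in a refactor.
function addOperation(name) {
  if (typeof name !== "string" || !KNOWN_OPERATIONS.has(name)) {
    return null;
  }
  return `<li class="operation">${escapeHtml(name)}</li>`;
}

// Builds markup for a list of requested names and collects the rejected ones
// (JSON-encoded so they can be logged without being interpreted).
function buildRecipe(names) {
  const items = [];
  const rejected = [];
  for (const name of names) {
    const item = addOperation(name);
    if (item === null) {
      rejected.push(JSON.stringify(name));
    } else {
      items.push(item);
    }
  }
  return { html: items.join(""), rejected };
}

const result = buildRecipe([SAMPLE_NAME, "Generate all hashes"]);
console.log(result.html);
console.log("rejected:", result.rejected);
```

A regression test that feeds a name like `SAMPLE_NAME` through the real code path would catch the check being removed, which is what the last two comments describe.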

Successfully merging this pull request may close these issues.

XSS vulnerability in your website