mirror of https://github.com/BookStackApp/BookStack.git synced 2025-12-07 05:22:22 +03:00
bookstack/app/Http/Controllers/AttachmentController.php
Dan Brown 349162ea13 Prevented possible XSS via link attachments
This filters out potentially malicious javascript: or data: URIs coming
through to be attached to attachments.
Added tests to cover.

Thanks to Yassine ABOUKIR (@yassineaboukir on Twitter) for reporting this
vulnerability.
2020-10-31 15:01:52 +00:00

7.9 KiB