Input sanitization problem : "<firstchild>\s+" is allowed.

Created on 17 January 2013, almost 12 years ago

Updated 31 March 2023, over 1 year ago

Hello,

In the path field of the menu item addition form, if one does enter "<firstchild> " (i.e. the "<firstchild>" tag followed by any number of white spaces), then the path is considered as valid. Then, the link will point to something looking like http://www.example.com/<firstchild>%20.

We should not be able to enter an invalid path.

Best,
Julien

🐛 Bug report

Status

Closed: outdated

Version

1.6

Component

Code

Created by

🇨🇭Switzerland jlnknz

Live updates comments and jobs are added and updated live.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment over 1 year ago →
🇫🇷France anrikun

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024