Only call setrawcookie when the value has no speical characters

Created on 23 June 2025, 14 days ago

Problem/Motivation

We got an error logged when somebody tried an XSS attack with a changed redirect value. It did not work and the attack was logged. Which is great. We can do a little more by checking the redirect value for special characters.

Proposed resolution

Check the redirect value for special characters.

Remaining tasks

TBD

User interface changes

None

API changes

None

Data model changes

None

🐛 Bug report

Status

Active

Version

4.0

Component

Code

Created by

🇳🇱Netherlands daffie

Live updates comments and jobs are added and updated live.

Merge Requests

!44Only call setrawcookie when the value has no speical characters
Open
🇳🇱Netherlands daffie
updated 14 days ago

Comments & Activities

Issue created by @daffie
Merge request !44Added check on redirect value for special characters → (Open) created by daffie
Comment 14 days ago →
🇳🇱Netherlands daffie
Uploaded the patch file and changed the status to NR.
Pipeline finished with Success
14 days ago
Total: 167s
#529337
Comment 13 days ago →
🇳🇱Netherlands daffie
Fixed typo

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024

Only call setrawcookie when the value has no speical characters

Problem/Motivation

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

Merge Requests

!44Only call setrawcookie when the value has no speical charactersOpen

Comments & Activities

!44Only call setrawcookie when the value has no speical characters
Open