XSS - ListView

Open alan-null opened this issue 3 years ago • 2 comments

Expected Behavior

No XSS

Actual Behavior

XSS

Steps to Reproduce the Problem

$item = gi -path '/sitecore/content/Home'
$item.Title = '<script>alert(1)</script>'
$item | Show-ListView -Title "Test" -Property @{ Label = 'label'; Expression = { $_.Title } }

alan-null • Apr 27 '22 05:04

@alan-null Should it be replaced with anything?


michaellwest • Apr 28 '22 03:04

@michaellwest I think it's a good idea to indicate that someone is trying to do nasty things - I don't have any message/content preferences.

alan-null • Apr 28 '22 06:04
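
One way to neutralise the value from the reproduction steps before it reaches a list view cell, as an added example that is not part of this thread or of Sitecore PowerShell Extensions. The hypothetical helper `ConvertTo-SafeListViewRow` evaluates the same `Label`/`Expression` hashtables, HTML-encodes every cell, and can optionally swap markup-bearing values for a notice, as discussed above; the function name, the `-ReplaceMarkup` and `-Notice` parameters, the notice text and the sample object are all assumptions.

```powershell
# Hypothetical helper for illustration; not part of Sitecore PowerShell Extensions.
function ConvertTo-SafeListViewRow {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$InputObject,
        # Same shape as in the report: @{ Label = '...'; Expression = { ... } }
        [Parameter(Mandatory)]
        [hashtable[]]$Property,
        # Assumed switch: replace markup-bearing cells with a notice instead of showing them.
        [switch]$ReplaceMarkup,
        [string]$Notice = '[markup removed]'
    )
    process {
        $row = [ordered]@{}
        foreach ($p in $Property) {
            # Evaluate the column expression with $_ bound to the current item.
            $text = [string]($InputObject | ForEach-Object -Process $p.Expression)
            # Tag-like sequence: '<' followed by a letter, '/' or '!'. Used only to
            # decide whether to show the notice; encoding below is the actual defence.
            if ($ReplaceMarkup -and $text -match '<\s*[a-zA-Z/!]') {
                $text = $Notice
            }
            # HTML-encode every cell so the browser renders it as text, never as elements.
            $row[$p.Label] = [System.Net.WebUtility]::HtmlEncode($text)
        }
        [pscustomobject]$row
    }
}

# Constructed sample object standing in for the Sitecore item from the report.
$item = [pscustomobject]@{ Name = 'Home'; Title = '<script>alert(1)</script>' }
$columns = @(
    @{ Label = 'name';  Expression = { $_.Name } },
    @{ Label = 'label'; Expression = { $_.Title } }
)

# Default: every cell is HTML-encoded.
$item | ConvertTo-SafeListViewRow -Property $columns
# With -ReplaceMarkup: cells containing tag-like text show the notice instead.
$item | ConvertTo-SafeListViewRow -Property $columns -ReplaceMarkup
```

Encoding at the point of output covers values the tag pattern would miss, so the pattern match should only ever drive the notice, not the decision to encode.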