php-mongodb-admin icon indicating copy to clipboard operation
php-mongodb-admin copied to clipboard
verified publisher icon jwage

No Cross Site Scripting

Open mschultheiss opened this issue 12 years ago • 0 comments

If you add a entry like [field] = "[[script]]alert('XSS Attack');[[/script]]" to a document, the Javascript is executed. This change should fix the issue. Edit: Replace [[ and ]] with angle brackets, Github removed them from the description.

mschultheiss avatar May 24 '13 19:05 mschultheiss