Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Encoded the exception message so that the JavaScript cannot be insert… #67

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

petmongrels
Copy link

…ed into it via the request parameters. Sometimes the request parameters are sent back in the error response.

e.g. /openmrs/coreapp%3Cimg%20src=a%20onerror=alert(1)%3E/findpatient/findPatient.page

…ed into it via the request parameters. Sometimes the request parameters are sent back in the error response.

e.g. /openmrs/coreapp%3Cimg%20src=a%20onerror=alert(1)%3E/findpatient/findPatient.page
@HerbertYiga
Copy link

thanks @petmongrels you can first fix the conflicting files for this

@isears
Copy link
Member

isears commented Aug 7, 2021

@petmongrels I think it's possible that this bug has already been patched here: #52 (although possibly not released until much more recently)

Could you confirm that it solves this problem?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants