Cross-Site Scripting XSS (store javascript data without validation)

mentioned in merge request !1 (closed)

mentioned in merge request !2 (closed)

mentioned in merge request !3 (merged)

closed via merge request !3 (merged)

mentioned in commit d5703941

sistem akan menyimpan semua text yang diinput oleh user tanpa validasi atau escaping. Apabila user menggunakan tulisan javascript ( maka sistem akan menjalankan javascriptnya karena tidak di escape.

solve : sistem akan melakukan escape terhadap karakter < diganti dengan "".

Cross-Site Scripting XSS (store javascript data without validation)

Child items

Activity

Admin message

Cross-Site Scripting XSS (store javascript data without validation)

Child items

Linked items

Related merge requests

Activity