Field where the user enters a URL (add input validation) #294

Closed
dh-megane opened this issue Mar 7, 2019 · 0 comments

Comments

@dh-megane
Collaborator

It is possible to embed JavaScript in the field where the user enters a URL.
Because this allows an XSS attack, add a validation check from a security standpoint.

① In MyPageForm, enter the JavaScript protocol in the URL field and register it.
2019-03-08 3 23 56

② Click the link (click the GitHub icon).
2019-03-08 3 24 26

③ The JavaScript is executed.
2019-03-08 3 24 45
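
A scheme allow-list check of the kind this issue asks for, as an added example that is not part of the original issue or the project's code. `validateProfileUrl`, `ALLOWED_SCHEMES`, `MAX_URL_LENGTH` and the sample inputs are assumptions; parsing with the WHATWG `URL` class means the check sees the same scheme a browser would resolve, including mixed case and stripped whitespace.

```javascript
// Hypothetical validator for a user-supplied profile link (names are assumptions).
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);
const MAX_URL_LENGTH = 2048; // assumed limit for the form field

function validateProfileUrl(input) {
  if (typeof input !== "string" || input.length === 0) {
    return { ok: false, reason: "empty" };
  }
  if (input.length > MAX_URL_LENGTH) {
    return { ok: false, reason: "too long" };
  }
  let parsed;
  try {
    // No base URL is given, so relative or scheme-less input throws.
    parsed = new URL(input);
  } catch {
    return { ok: false, reason: "not an absolute URL" };
  }
  // The parser lowercases the scheme and drops leading whitespace and
  // embedded tabs/newlines, as a browser does before following a link.
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) {
    return { ok: false, reason: `scheme ${parsed.protocol} not allowed` };
  }
  // Store and render the normalized form, not the raw input.
  return { ok: true, url: parsed.href };
}

// Constructed sample inputs for the URL field.
const SAMPLES = [
  "https://github.com/example-user",
  "javascript:void(0)",
  "JaVaScRiPt:void(0)",
  " javascript:void(0)",
  "java\tscript:void(0)",
  "data:text/html,hello",
  "github.com/example-user",
];

function checkSamples() {
  return SAMPLES.map((s) => ({ input: s, ...validateProfileUrl(s) }));
}

for (const r of checkSamples()) {
  console.log(JSON.stringify(r.input), r.ok ? `accepted as ${r.url}` : `rejected: ${r.reason}`);
}
```

The value still needs HTML attribute escaping when it is written into the `href`; the allow-list only decides which schemes may be stored.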
