Custom Profile Fields tutorial vulnerable to STORED XSS

Linear Mode

[Security] Custom Profile Fields tutorial vulnerable to STORED XSS

Crazycat Offline

Posts: 2,577
Threads: 100
Joined: Feb 2007
Reputation: 306

2022-01-09, 08:17 PM (This post was last modified: 2022-01-09, 08:18 PM by Crazycat. Edited 1 time in total.)

(2022-01-09, 06:03 PM)Noter33 Wrote:
(2022-01-09, 05:58 PM)Crazycat Wrote: I submit a modification of the regexp in the tutorial

REGEX is not XSS security , every regex you would use there is inefficient there will be always a bypass

The regex will validate (or refuse) the value given. That's the better way (not the best) to limit risks.
If you don't want any risk, do not allow external contents or anything you cannot really trust in custom fields, or better don't use custom field.

Tchat en français

Do not ask me help through PM or Discord

Website Find

« Next Oldest | Next Newest »

Messages In This Thread

Custom Profile Fields tutorial vulnerable to STORED XSS - by Noter33 - 2022-01-09, 05:13 PM

RE: Custom Profile Fields tutorial vulnerable to STORED XSS - by Crazycat - 2022-01-09, 05:58 PM

RE: Custom Profile Fields tutorial vulnerable to STORED XSS - by Noter33 - 2022-01-09, 06:03 PM

RE: Custom Profile Fields tutorial vulnerable to STORED XSS - by Crazycat - 2022-01-09, 08:17 PM

View a Printable Version

Forum Jump:

Users browsing this thread: 5 Guest(s)

Login
Username:
Password:	Lost Password?
	Remember me