You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Angle brackets are currently not being escaped in the generated HTML, which means that the title What could possibly go wrong with <insert x86 instruction here>? is parsed as HTML and shows up as What could possibly go wrong with ? in a web browser. This is of course undesirable.
Technically, this counts as an cross-site scripting vulnerability, although the potential for exploitation is very slim because the code only runs locally on one computer and the source of the data is semi-trustworthy.
The text was updated successfully, but these errors were encountered:
Angle brackets are currently not being escaped in the generated HTML, which means that the title
What could possibly go wrong with <insert x86 instruction here>?is parsed as HTML and shows up as What could possibly go wrong with ? in a web browser. This is of course undesirable.Technically, this counts as an cross-site scripting vulnerability, although the potential for exploitation is very slim because the code only runs locally on one computer and the source of the data is semi-trustworthy.
The text was updated successfully, but these errors were encountered: