Sugar Labs

Sugarizer Fix: ChatPrototype activity does not sanitize input #225

It's possible to inject JavaScript using the Chat prototype activity. See more at https://github.com/llaske/sugarizer/issues/225. Could be fixed by just encoding input. For example, turning "&" into "&amp;", "<" into "&lt;", etc. Chat activity source code is https://github.com/llaske/sugarizer/tree/dev/activities/ChatPrototype.activity
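An added example of the encoding fix the task describes (not code from the Sugarizer repository): `escapeHtml` and the hypothetical `renderMessage` helper are assumed names, and the sample message is constructed.

```javascript
// Added example, not Sugarizer's own code. Encodes the characters HTML treats
// specially so that chat text is rendered as text rather than as markup.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

function escapeHtml(text) {
  // One pass over the input: replacement text is never re-scanned, so
  // encoding '&' first cannot double-encode the other entities.
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical rendering helper: builds the markup for one chat line.
// Author name and message body are both untrusted, so both are encoded.
function renderMessage(author, text) {
  return '<div class="message"><b>' + escapeHtml(author) + '</b>: ' +
    escapeHtml(text) + '</div>';
}

// Constructed sample input of the kind the issue is about.
const sample = renderMessage('mallory', '<script>alert(1)</script>');
console.log(sample);
// → <div class="message"><b>mallory</b>: &lt;script&gt;alert(1)&lt;/script&gt;</div>
```

In a browser, assigning the raw message to `element.textContent` instead of `innerHTML` achieves the same result without building an HTML string.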

Task tags

  • sugarizer
  • javascript

Students who completed this task

FreddieN

Task type

  • Code

2018