New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DOM Based xss via Cookie isn't exploitable #23

Open

GoogleCodeExporter opened this issue Nov 13, 2015 · 1 comment

Labels

auto-migrated Priority-Medium Type-Defect

GoogleCodeExporter commented Nov 13, 2015

There should be a filter that restricts the input method.  For instance I am 
getting a lot of reports of dom based xss via cookie value,  and I don't care 
because this isn't exploitable.  Some people might care, so there should be a 
configuration option.  I have noticed that referer is also very common,  and it 
might be nice to filter for that as well.

Original issue reported on code.google.com by [email protected] on 3 Sep 2011 at 1:27

The text was updated successfully, but these errors were encountered:

Author

GoogleCodeExporter commented Nov 13, 2015

Original comment by [email protected] on 20 Sep 2011 at 8:50

Changed state: Accepted

GoogleCodeExporter added Priority-Medium Type-Defect auto-migrated labels

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment