This repository was archived by the owner on Jan 29, 2019. It is now read-only.

Potential for XSS #1

@edent

Description

Performing a search for something like <script> alert("hi");</script> will cause that JavaScript to be injected into the page.

I saw this happen on the CAB site

[image: cab xss example]

It would probably be worth ensuring all user input is sanitised before being added to the page. Perhaps around https://github.com/edds/display-screen/blob/master/public/javascripts/search.js#L100
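The pattern the issue describes, reflecting the search term into markup by string concatenation, beside a hardened form, as an added example that is not code from display-screen's search.js. The function names, the heading markup and the sample search term are assumptions made for this illustration; the payload is the one quoted in the issue.

```javascript
// Added example, not from the display-screen repository. Function names,
// markup and the sample term are assumptions for illustration only.

// Vulnerable pattern: whatever the user typed becomes part of the DOM once
// this string is assigned to innerHTML, so <script> tags, event handler
// attributes and the like are interpreted rather than displayed.
function renderResultsHeadingUnsafe(term) {
  return '<h2>Results for: ' + term + '</h2>';
}

// Escape the five characters that let text break out of an HTML text node
// or a quoted attribute value. '&' must be replaced first so that the
// entities produced by the later replacements are not double-escaped.
function escapeHtml(input) {
  return String(input)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Hardened form: the term is escaped before it is placed into markup, so the
// browser renders it as literal text.
function renderResultsHeadingSafe(term) {
  return '<h2>Results for: ' + escapeHtml(term) + '</h2>';
}

// Preferable in browser code: write text, not markup. textContent never
// parses its value as HTML, so no escaping step can be forgotten.
function setHeadingText(el, term) {
  el.textContent = 'Results for: ' + term;
}

// Constructed sample input: the payload quoted in the issue.
const SAMPLE_PAYLOAD = '<script> alert("hi");</script>';

if (typeof document !== 'undefined') {
  // In a browser the DOM approach is available.
  const h = document.createElement('h2');
  setHeadingText(h, SAMPLE_PAYLOAD);
  console.log(h.outerHTML);
} else {
  // Under Node there is no DOM; show the two string renderings instead.
  console.log(renderResultsHeadingUnsafe(SAMPLE_PAYLOAD));
  console.log(renderResultsHeadingSafe(SAMPLE_PAYLOAD));
}
```

Escaping on output is the fix for this sink; validating the input at the search box is not enough, because the same term may reach other sinks (URL, attribute, JSON) that need different encodings. If the project already depends on a templating library with auto-escaping, using it for the results markup removes the need for a hand-written escape function.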
