Fix XSS Vulnerability at Login page

Stefan C requested to merge fix_xss_vulnerability_as_login_page_ref into master

Closes #1252 (closed)

What does this MR do?

Fix XSS Vulnerability at Login Page

How confident are you it won't break things if deployed?

If we have no absolute generated ref links that might confuse, nothing should break. On the other hand, a break would mean a redirect to the dashboard.

Links to related issues

#1252 (closed)

How to test

Check all possible values in the ref field. Only values with correct syntax should work.

Checklist

  • [N] added a test, or explain why one is not needed/possible...
  • no unrelated changes
  • asked someone for a code review
  • set a "for:" label to indicate who will be affected by this change
  • added to the next milestone (see https://gitlab.com/foodsharing-dev/foodsharing/-/milestones, unless it has a "for:Dev" label)
  • added an entry to CHANGELOG.md
  • added a short text that can be used in the release notes

Release notes text in German

XSS Verwundbarkeit auf Login Page geschlossen (English: XSS vulnerability on the login page closed)

Edited by Stefan C
