
Topic on Extension talk:ExternalLinks

BrentLaabs (talkcontribs)

Hey, just wanted to let you know that there are some pretty obvious XSS flaws in this extension.

The variables $filterURL and $filterURLnot are fetched from the HTTP request and put right back into the HTML without validation. Consider using the HTML class instead of raw HTML.

Subfader (talkcontribs)
Reply to "XSS Vulnerabilites"
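The pattern reported above, shown as an added example that is not the extension's own code or part of any post in this thread: a request value concatenated into raw HTML next to an escaped version, with a parse-back check that the value stays inside a single attribute. The form markup, the function names and the request parameter names are assumptions; only `$filterURL` and `$filterURLnot` come from the report.

```php
<?php
// Added illustration, not the ExternalLinks extension's code. The <input> markup,
// the function names and the request keys below are assumptions.

// Pattern described in the report: the request value is concatenated into raw HTML.
function renderFilterInputRaw(string $name, string $value): string {
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Escaped form: every attribute value is encoded for the HTML attribute context.
// Inside MediaWiki, Html::input( $name, $value, 'text' ) does this escaping for you.
function renderFilterInputEscaped(string $name, string $value): string {
    $html = '<input';
    foreach (['type' => 'text', 'name' => $name, 'value' => $value] as $k => $v) {
        $html .= ' ' . $k . '="'
            . htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '"';
    }
    return $html . '>';
}

// Parse the markup back and report how many attributes the <input> ended up
// with and what its value attribute holds. More than 3 attributes means the
// request value escaped its attribute and changed the element's structure.
function inspectInput(string $html): array {
    libxml_use_internal_errors(true);   // keep the parser quiet on odd markup
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    $input = $doc->getElementsByTagName('input')->item(0);
    return [$input->attributes->length, $input->getAttribute('value')];
}

// Constructed sample request: a harmless value containing a quote and markup characters.
$request = ['filterURL' => 'example.org" data-x="<b>', 'filterURLnot' => ''];

foreach (['filterURL', 'filterURLnot'] as $param) {
    $value = (string)($request[$param] ?? '');
    foreach (['raw' => 'renderFilterInputRaw', 'escaped' => 'renderFilterInputEscaped'] as $label => $fn) {
        [$count, $parsed] = inspectInput($fn($param, $value));
        $ok = ($count === 3 && $parsed === $value) ? 'ok' : 'VALUE BROKE OUT OF ATTRIBUTE';
        printf("%-12s %-8s attrs=%d  %s\n", $param, $label, $count, $ok);
    }
}
```

The same parse-back check can be kept as a regression test for any code path that echoes request parameters into markup.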