HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Security vulnerability in version 2.0.18.8

13»

Comments

  • LincLinc Detroit Admin
    edited August 2013

    @adriansonline said:
    this will ensure all flag inputs are text to your database. It works for me. Please let me know if you know better with the proper code solution

    For future reference, HTML generally cannot be securely filtered with regular expressions. It's a common pitfall. I redacted the answer from the original comment and pasted a link to the fix. Apologies I didn't give this my attention sooner; my fault for leaving you guys hanging.

    AdrianUnderDogR_J
Sign In or Register to comment.