invidious

mirror of https://github.com/iv-org/invidious.git synced 2024-11-03 08:29:46 +01:00

History

Samantaz Fox ddb06b0cac Fix XSS vulnerability in channel playlists The channel/<ucid>/playlists page was vulnerable to Cross Site Scripting (XSS), because the different URL parameters were inserted as-is in the URL meant for instance switching. This vulnerability could allow an attacker to inject malicious Javascript in the page by tricking the user to click on a crafted link. Bug introduced in commit `66e7285108` ("Only use /redirect when automatically redirecting"). Thanks to Jack (@testa:cthd.icu on Matrix, @cysea on github) for responsibly reporting this issue!	2021-12-19 20:51:44 +01:00
..
invidious	Fix XSS vulnerability in channel playlists	2021-12-19 20:51:44 +01:00
invidious.cr	i18n: pass only the ISO code string to 'translate()'	2021-11-21 01:50:11 +01:00

Fix XSS vulnerability in channel playlists

The channel/<ucid>/playlists page was vulnerable to Cross Site Scripting
(XSS), because the different URL parameters were inserted as-is in the URL
meant for instance switching.

This vulnerability could allow an attacker to inject malicious Javascript
in the page by tricking the user to click on a crafted link.

Bug introduced in commit 66e7285108
("Only use /redirect when automatically redirecting").

Thanks to Jack (@testa:cthd.icu on Matrix, @cysea on github) for responsibly
reporting this issue!

2021-12-19 20:51:44 +01:00

invidious Fix XSS vulnerability in channel playlists 2021-12-19 20:51:44 +01:00

invidious.cr i18n: pass only the ISO code string to 'translate()' 2021-11-21 01:50:11 +01:00