  ●
  Grav 2.0 is officially stable. Read the announcement →

Community guidelines

Please keep discussions civil and on-topic. Repeated violations may lead to a temporary ban.

Log in Register

Sebastien Axinte Newcomer

@seb · Joined 9 years ago · 3 posts · 1 topics · 0 reputation

Badges

✏️ First Post 💬 Conversation Starter

XSS Injection from parameters · 9 years ago
All right, it's the answer I needed - wasn't sure yet if it was something we had to do as developers or a Grav issue, thank you!
XSS Injection from parameters · 9 years ago
Hi rhuk, I just downloaded the last version of Grav (v1.3.10) and I was able to reproduce on Firefox v57. I'm on OSX El Capitan v10.11.6: You can find here a zip with the archive to reproduce the pro
XSS Injection from parameters · 9 years ago
Hi there, I'm facing some XSS vulnerabilities when using parameters. Please consider this code inside a twig file: {% if uri.query('foobar') %} <a href="{{ 'http://www.google.co.uk/' ~ uri.quer