Skip to content

a javascript target is permitted in the logout view no url #13

Description

@d1b
In the logout view the 'continue' parameter is placed directly into the href value of the 'no' option without rejecting invalid url/locations (url which are not actual http link). So a javascript target is permitted ... for example   http://SITE.lol/_openid/logout?continue=javascript:alert(1)
results in the following html for the 'No' option : '<a href="javascript:alert(1)">No</a>'.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions