Fix for XSS vulnerability
The not found URL could be crafted with script and could be used for an
XSS attack. If you use the notfound.aspx (instead of redirecting to a
page), you can just change that with this new version.
evest committed Oct 31, 2017
1 parent c03a6be commit 02419c9
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions src/NotFound.aspx
Expand Up @@ -133,9 +133,8 @@
<%= Content.TopText %>
<%= Content.LookingFor %>
<div class="notfoundbox">
<%= UrlNotFound %>
<%= HttpUtility.HtmlEncode(UrlNotFound.ToString()) %>
<%= Referer.Length > 0 ? Content.CameFrom : "" %>
<%= Referer.Length > 0 ? Referer : "" %>
</div>
<%= Content.BottomText %>
</div>
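Review bot: The Referer output in the same notfoundbox div, `<%= Referer.Length > 0 ? Referer : "" %>`, is still written with `<%= %>` and no encoding, while only UrlNotFound is passed through HttpUtility.HtmlEncode. If Referer is filled from the request's Referer header, it is as caller-controlled as the not-found URL and should get the same treatment, for example `<%= Referer.Length > 0 ? HttpUtility.HtmlEncode(Referer) : "" %>`. The +/- markers are not visible in this rendering, so this applies only if that line survives the change. It would also help to say in the commit message whether Referer is already encoded where it is assigned, since the markup alone does not show it.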

1 comment on commit 02419c9

@jmburnz

For future reference this has been implemented for TNZ prior to 30/05/2022.
