A few fixes and enhancements #1
Conversation
* Use env(1) to find python executable instead of hardcoding the path of /usr/bin/python
* HTML Entity encode header keys and values - these can be malicious data
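The second bullet is the security-relevant one: a scanner that copies response header names and values into an HTML report is rendering attacker-controlled text, so the report itself becomes the XSS sink. The example below is an added illustration (not code from this pull request or from the tool it patches) of the before/after behaviour: it uses Python's standard `html.escape()`, and the sample header dictionary is constructed for the demo.

```python
import html

# Constructed sample response headers. The Server value carries HTML markup
# the way a mischievous or hostile origin could supply it; the second value
# shows that a plain ampersand also needs encoding.
SAMPLE_HEADERS = {
    "Server": 'Example/1.0 <b title="x">injected</b>',
    "X-Powered-By": "Tools & Things",
}


def render_row_unsafe(name, value):
    """Pre-fix behaviour: header text is dropped straight into the report markup."""
    return f"<tr><td>{name}</td><td>{value}</td></tr>"


def render_row(name, value):
    """Entity-encode both the header key and the value before embedding them.

    html.escape() with quote=True (the default) encodes &, <, >, " and ', so the
    text is displayed literally instead of being parsed as tags or attributes.
    """
    return f"<tr><td>{html.escape(name)}</td><td>{html.escape(value)}</td></tr>"


def render_report(headers, safe=True):
    """Build the header table for the report; safe=False reproduces the old bug."""
    row = render_row if safe else render_row_unsafe
    rows = "".join(row(k, v) for k, v in headers.items())
    return f"<table>{rows}</table>"


if __name__ == "__main__":
    print("unsafe:", render_report(SAMPLE_HEADERS, safe=False))
    print("safe:  ", render_report(SAMPLE_HEADERS))
```

Encoding at the point where text is written into HTML (rather than trying to filter "bad" headers on input) is the general fix: it covers keys as well as values, and it does not depend on guessing which characters an origin might send.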
Dude, that's awesome, really smart, and funny. Ha, thanks for doing that. Checking it out now.
Awesome, works great, and thanks for fixing the other stuff as well. This is a really funny instance, and showed a couple friends that you did that, and got a good laugh (embedding XSS in the server header value). Thanks again for the patch, really appreciate it.
Added extra notes to commit log and CHANGELOG calling you out for submitting the update to me. Thanks man.
Fixed a few things that I noticed immediately when running against https://neg9.org/ - I have XSS in the Server: header value, which popped up in the report for this tool.
Future: Cleanup unicode handling (replacing u'blah' with blah and such?)