thanks Indrajith

Posted: Thu Jan 16, 2014 2:09 am
by josh
Indrajith, an IT web Security Researcher & Malware analyst, discovered that you could do a cross scripting attack on the website by putting bad stuff in place of the language code in a URL and let us know. We fixed it and updated the code repository. If you're familiar with the web code (ha! I'd say 'both of you' but that might be overstating things), you may know that we have a pretty good input sanitization function, but we weren't checking the language code. Thanks Indrajith!!