fix: Fix XSS vulnerability by encoding username in profile page
- Replaced direct user input insertion with URL encoding using encodeURIComponent.
- This change ensures that special characters in the username are properly encoded, preventing potential cross-site scripting (XSS) attacks.
TKanX committed Aug 6, 2024
1 parent 9ffcd2a commit 0f115d2
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion views/pages/users/profile.ejs
Expand Up @@ -86,7 +86,7 @@
// Add event listener to window load
window.addEventListener("DOMContentLoaded", async () => {
// Set the username
const username = "<%- username %>";
const username = encodeURIComponent("<%- username %>");
// New users instance
const users = new Users(username);
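Review bot: The new line `const username = encodeURIComponent("<%- username %>");` still interpolates the raw value into a JavaScript string literal, so the injection point is unchanged. `<%-` is EJS's unescaped output tag and is rendered on the server, while `encodeURIComponent` only runs in the browser after the page has been parsed. A username containing a double quote or a closing script tag therefore ends the literal before the encoding call is ever reached. The value needs to be made safe at render time instead, for example by emitting it as a serialized literal with `<%- JSON.stringify(username) %>` and additionally escaping `<` so it cannot close the script block, or by writing it into a data attribute with the escaping tag `<%= username %>` and reading it from the DOM. Separately, `new Users(username)` now receives the percent-encoded form rather than the original name, so it is worth checking that `Users` does not encode it a second time or use it for display.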