Skip to content

fix: escape HTML in decode_base64 to prevent XSS#742

Open
muhamedfazalps wants to merge 1 commit into
postmanlabs:masterfrom
muhamedfazalps:fix/xss-base64
Open

fix: escape HTML in decode_base64 to prevent XSS#742
muhamedfazalps wants to merge 1 commit into
postmanlabs:masterfrom
muhamedfazalps:fix/xss-base64

Conversation

@muhamedfazalps

Copy link
Copy Markdown

The /base64 endpoint returned user-controlled content without escaping, allowing reflected XSS attacks. This fixes the vulnerability by escaping the decoded content before returning it.

Fixes #735

The /base64 endpoint returned user-controlled content without escaping,
allowing reflected XSS attacks. This fixes the vulnerability by escaping
the decoded content before returning it.

Fixes postmanlabs#735
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

XSS - /base64

1 participant