[cl-weblocks-ticket] #34: Sanitize input to prevent cross-site scripting and SQL injection

#34: Sanitize input to prevent cross-site scripting and SQL injection
------------------------------------------------------------+-------------------------
  Reporter:  sakhmechet                                     |  Owner:      sakhmechet
      Type:  defect                                         |  Status:     new
  Priority:  high                                           |  Milestone:  0.1
 Component:  weblocks                                       |  Version:    pre-0.1
  Keywords:  cross-site scripting SQL injection sanitize    |
------------------------------------------------------------+-------------------------
 We should sanitize form input to prevent cross-site scripting and SQL
 injection. Sanitation should ideally be done in a centralized place (in
 particular, request-object-mapping).

--
Ticket URL: <http://trac.common-lisp.net/cl-weblocks/ticket/34>
cl-weblocks <http://common-lisp.net/project/cl-weblocks>
cl-weblocks

#34: Sanitize input to prevent cross-site scripting and SQL injection
-------------------------+--------------------------------------------------
  Reporter:  sakhmechet  |  Owner:       sakhmechet
      Type:  defect      |  Status:      new
  Priority:  medium      |  Milestone:   0.1
 Component:  weblocks    |  Version:     pre-0.1
Resolution:              |  Keywords:    cross-site scripting SQL injection sanitize
-------------------------+--------------------------------------------------
Changes (by sakhmechet):

 * priority:  high => medium

--
Ticket URL: <http://trac.common-lisp.net/cl-weblocks/ticket/34>
cl-weblocks <http://common-lisp.net/project/cl-weblocks>
cl-weblocks

#34: Escape HTML outputted by 'render-data' to prevent XSS attacks
-------------------------+--------------------------------------------------
  Reporter:  sakhmechet  |  Owner:       sakhmechet
      Type:  defect      |  Status:      new
  Priority:  medium      |  Milestone:   0.1
 Component:  weblocks    |  Version:     pre-0.1
Resolution:              |  Keywords:    cross-site scripting SQL injection sanitize
-------------------------+--------------------------------------------------
Changes (by sakhmechet):

 * summary:  Sanitize input to prevent cross-site scripting and SQL injection
             => Escape HTML outputted by 'render-data' to prevent XSS attacks

Comment:

 The goals of this ticket are too broad and ill defined. SQL injection is an
 unrelated issue and input sanitation depends on the type of data. For now we
 should change the goal to escaping HTML outputted by 'render-data' since all
 widgets [should] use it for rendering.

--
Ticket URL: <http://trac.common-lisp.net/cl-weblocks/ticket/34>
cl-weblocks <http://common-lisp.net/project/cl-weblocks>
cl-weblocks

#34: Escape HTML outputted by 'render-data' to prevent XSS attacks
-------------------------+--------------------------------------------------
  Reporter:  sakhmechet  |  Owner:       sakhmechet
      Type:  defect      |  Status:      closed
  Priority:  medium      |  Milestone:   0.1
 Component:  weblocks    |  Version:     pre-0.1
Resolution:  fixed       |  Keywords:    cross-site scripting SQL injection sanitize
-------------------------+--------------------------------------------------
Changes (by sakhmechet):

 * resolution:  => fixed
 * status:  new => closed

Comment:

 Fixed. 'render-data' now escapes all output.

--
Ticket URL: <http://trac.common-lisp.net/cl-weblocks/ticket/34>
cl-weblocks <http://common-lisp.net/project/cl-weblocks>
cl-weblocks
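The distinction the ticket settles on, output escaping in one central rendering function instead of input sanitation, as an added Common Lisp example. This is illustration code, not cl-weblocks source: the names escape-html, render-unescaped, render-escaped, render-text-field and *constructed-input* are assumptions and do not describe the weblocks API or how its 'render-data' is implemented. The sample inputs are constructed.

```lisp
;;; Added example, not cl-weblocks code. The function and variable names
;;; here are assumptions for illustration, not the weblocks API.

(defun escape-html (string)
  "Return STRING with the characters significant in HTML text and in
double-quoted attribute values replaced by character references.
This is output encoding for those two contexts only: it does not make a
value safe inside a <script> block, a URL, or a CSS value, which need
their own encoders."
  (with-output-to-string (out)
    (loop for ch across string
          do (case ch
               (#\& (write-string "&amp;" out))
               (#\< (write-string "&lt;" out))
               (#\> (write-string "&gt;" out))
               (#\" (write-string "&quot;" out))
               (#\' (write-string "&#39;" out))
               (t   (write-char ch out))))))

(defun render-unescaped (value)
  "The behaviour the ticket reports as a defect: the printed
representation of VALUE is written into the page verbatim."
  (princ-to-string value))

(defun render-escaped (value)
  "The behaviour the fix describes: every value goes through one escaping
step at render time, so a widget built on this function cannot forget to
escape. Where VALUE came from (form, database, session) does not matter."
  (escape-html (princ-to-string value)))

(defun render-text-field (name value)
  "Build an <input> element with VALUE in a double-quoted attribute.
escape-html covers this context because it encodes the double quote;
an unquoted attribute would not be covered."
  (format nil "<input type=\"text\" name=\"~a\" value=\"~a\">"
          (escape-html name) (escape-html value)))

;;; Constructed inputs, as an attacker would submit them in a form field.
(defparameter *constructed-input*
  '("<script>alert(document.cookie)</script>"
    "\" onfocus=\"alert(1)\" autofocus=\""
    "O'Brien & Sons <info@example.com>"))

(defun demo ()
  "Print each constructed input verbatim, escaped as text, and escaped
inside an attribute, so the two rendering paths can be compared."
  (dolist (input *constructed-input*)
    (format t "input:     ~a~%" input)
    (format t "unescaped: ~a~%" (render-unescaped input))
    (format t "escaped:   ~a~%" (render-escaped input))
    (format t "attribute: ~a~%~%" (render-text-field "name" input))))

(demo)
```

The second constructed input shows why a centralized escaper has to encode quotes as well as angle brackets: it contains no `<` at all and breaks out of the attribute instead. The third shows that legitimate data (an apostrophe, an ampersand, an e-mail address in angle brackets) survives escaping unchanged in meaning, which is the reason escaping at output is preferred over rejecting or rewriting input.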