SOLUTION: Dear Algebra.com developers,
I am very proud of you for fixing the CSS injection.
I hope that you learned a very valuable lesson.
'Never trust user input'
P.S.
Question 1116758: Dear Algebra.com developers,
I am very proud of you for fixing the CSS injection.
I hope that you learned a very valuable lesson.
'Never trust user input'
P.S.
I see that you are still vulnerable to HTML injection.
As an example, I will use the img tag to show an image:
HTML injection is when you input HTML code, so that when your preprocessor prints it onto the page, HTML interprets it as source code.
To prevent HTML injection, I recommend checking this out.
Sincerely, BumbleStar

Answer by ikleyn(52915):
You can contact me at ichudov@algebra.com. I cannot disable all HTML input as people sometimes need to use it. Injecting images is a feature and not a bug.
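An added example, not part of this thread and not algebra.com's code: one way to keep some user HTML (including images) without passing input through verbatim is an allow-list sanitizer. The tag and attribute policy, and the names `sanitize` and `safe_url`, are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Assumed policy (not algebra.com's): a few formatting tags plus <img>.
ALLOWED = {"b": set(), "i": set(), "u": set(), "p": set(), "br": set(),
           "img": {"src", "alt", "width", "height"}}
VOID = {"br", "img"}                # elements with no closing tag
DROP_CONTENT = {"script", "style"}  # drop the tag and everything inside it

def safe_url(value):
    """Accept only absolute http(s) URLs (no javascript:, data:, relative)."""
    try:
        parts = urlsplit(value.strip())
    except ValueError:
        return False
    return parts.scheme in ("http", "https") and bool(parts.netloc)

class AllowListSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0  # skip = depth inside DROP_CONTENT

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        if self.skip or tag not in ALLOWED:
            return  # unknown tag: markup is dropped, its text is kept
        # Keep only allow-listed attributes; event handlers and style go away.
        kept = {n: escape(v, quote=True) for n, v in attrs
                if n in ALLOWED[tag] and v is not None
                and (n != "src" or safe_url(v))}
        if tag == "img" and "src" not in kept:
            return  # image without a usable source
        attrs_out = "".join(f' {k}="{v}"' for k, v in kept.items())
        self.out.append(f"<{tag}{attrs_out}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))  # text is always escaped

def sanitize(fragment):
    parser = AllowListSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)
```

The output is rebuilt from parsed tokens rather than filtered with regular expressions, so anything outside the policy never reaches the page.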