Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

XSS mitigation by sanitizing user inputs with bleach #642

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

LorennaCunha
Copy link

This solution refers to which of the apps?

A3 - Gossip World

What did you do to mitigate the vulnerability?

I mitigated the XSS vulnerability by sanitizing user inputs across the app. I used the bleach library to clean and remove any potentially dangerous HTML tags and scripts from user-generated content, such as comments and posts. This prevents malicious JavaScript from executing in the browser when user content is displayed, thus securing the app from XSS attacks.

Did you test your changes? What commands did you run?

I tested the changes by trying to reproduce the attack narrative in the setup, by injecting JavaScript in comment, post, and search fields. After implementing the sanitization, I confirmed that the injected scripts were no longer executable and displayed as plain text, mitigating the XSS vulnerability.

@@ -126,16 +126,16 @@ func InitDatabase() error {

dbConn, err := OpenDBConnection()
if err != nil {
errOpenDBConnection := fmt.Sprintf("OpenDBConnection error: %s", err)
errOpenDBConnection := ("OpenDBConnection error: %s" + err)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't see any need to make any changes at this point. Is this change related to the vulnerability found?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants