leviathonbeast/php-flasher
1
0
Fork 0
mirror of https://github.com/php-flasher/php-flasher.git synced 2026-04-05 12:32:55 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
fd65254d63d50f8af6a62b8fcae848824a750bb3
php-flasher/tests/Prime/Response/Presenter
T
History
Younes ENNAJI 1d81de581b fix: escape nonce and mainScript to prevent XSS vulnerabilities 
The HtmlPresenter was interpolating user-controlled values directly into
HTML attributes and JavaScript code without proper escaping, creating
XSS vulnerabilities.

Changes:
- Escape nonce with htmlspecialchars() for HTML attribute context
- Escape nonce with json_encode() for JavaScript string context
- Escape mainScript with json_encode() for JavaScript string context

Added tests to verify XSS payloads are properly escaped.
2026-03-01 19:55:49 +00:00
..
ArrayPresenterTest.php
chore: v2 full rewrite
2024-04-09 07:57:01 +00:00
HtmlPresenterTest.php
fix: escape nonce and mainScript to prevent XSS vulnerabilities
2026-03-01 19:55:49 +00:00