[SECURITY] Unsanitized User Input #8

Open
lishaduck opened this issue Jul 6, 2024 · 0 comments
Labels: bug (Something is not working), map (Relates to the PHS Map)

lishaduck commented Jul 6, 2024

```ts
profiles[0][profNum] = (
  document.querySelector(`#nameProf${profNum}`) as HTMLInputElement
).value;
```

^ Just the first instance I found.

Zero validation (mostly) that any user input isn't going to crash the code.
Admittedly, everything is client-side, so it's not a real issue, which is why I'm not filing a security advisory or whatnot and just posting it in an issue.
Who is going to try to break their own map?
Maybe it allows a malicious bookmarklet? IDK.

See also: The Dangers of Square Bracket Notation

@lishaduck lishaduck self-assigned this Jul 6, 2024
@lishaduck lishaduck added the bug Something is not working label Jul 6, 2024
@lishaduck lishaduck transferred this issue from PSDTools/PHS-Map Jul 9, 2024
@lishaduck lishaduck added the map Relates to the PHS Map label Jul 9, 2024
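
A validated form of the assignment quoted in the issue, as an added example that is not the project's code: `setProfileName`, `parseIndex`, `cleanName` and both limits are hypothetical, and the DOM lookup is replaced by plain arguments so the block runs outside a browser.

```typescript
// Added example: every name and limit here is hypothetical, not the project's code.
type Profiles = string[][];

interface Outcome {
  ok: boolean;
  detail: string; // stored name on success, rejection reason otherwise
}

const MAX_PROFILES = 32; // assumed upper bound on profile slots
const MAX_NAME_LENGTH = 64; // assumed upper bound on a profile name

// Accept only canonical non-negative decimal integers below `limit`, so keys
// such as "__proto__", "constructor", "-1" or "1e3" never reach the brackets.
function parseIndex(raw: unknown, limit: number): number | null {
  const text = typeof raw === "number" ? String(raw) : raw;
  if (typeof text !== "string" || !/^(0|[1-9]\d*)$/.test(text)) return null;
  const n = Number(text);
  return Number.isSafeInteger(n) && n < limit ? n : null;
}

// Normalise the value, drop control characters, and bound its length.
function cleanName(raw: unknown): Outcome {
  if (typeof raw !== "string") return { ok: false, detail: "not a string" };
  const name = raw.normalize("NFC").replace(/[\u0000-\u001f\u007f]/g, "").trim();
  if (name.length === 0) return { ok: false, detail: "empty" };
  if (name.length > MAX_NAME_LENGTH) return { ok: false, detail: "too long" };
  return { ok: true, detail: name };
}

// Validated replacement for `profiles[0][profNum] = input.value`.
function setProfileName(profiles: Profiles, rawIndex: unknown, rawName: unknown): Outcome {
  const index = parseIndex(rawIndex, MAX_PROFILES);
  if (index === null) return { ok: false, detail: "bad index" };
  const name = cleanName(rawName);
  if (!name.ok) return name;
  if (!Array.isArray(profiles[0])) profiles[0] = [];
  profiles[0][index] = name.detail;
  return name;
}

// Constructed sample input; in the browser the name would come from input.value.
const demoProfiles: Profiles = [[]];
console.log(setProfileName(demoProfiles, "0", " Ada "), setProfileName(demoProfiles, "__proto__", "x"));
```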