Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Escape username in alert of forgot password #577

Closed
Quy opened this issue May 9, 2016 · 3 comments
Closed

Escape username in alert of forgot password #577

Quy opened this issue May 9, 2016 · 3 comments
Labels
question

Comments

@Quy
Copy link
Contributor

Quy commented May 9, 2016

This may or may not be a security issue. Should the username be escaped?
<div class="error alert">User with username <b>Test</b> does not exist</div>
@rhukster
Copy link
Member

rhukster commented May 9, 2016

escaped?

@Quy
Copy link
Contributor Author

Quy commented May 9, 2016
edited
Loading

For the username, I can enter in <i>Test</i> and it will be displayed italicized in the alert message.

rhukster added a commit that referenced this issue May 10, 2016
@rhukster
escape and lowercase username in all cases #577
b0ce609
@rhukster
Copy link
Member

Fixed in repo. Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Quy @rhukster