CVE-2023-1244: update site_name sanitizer · answerdev/answer@9870ed8
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.
@@ -78,7 +78,7 @@ type InitEnvironmentResp struct {
// InitBaseInfoReq init base info request
type InitBaseInfoReq struct {
Language string `validate:"required,gt=0,lte=30" json:"lang"`
SiteName string `validate:"required,gt=0,lte=30" json:"site_name"`
SiteName string `validate:"required,sanitizer,gt=0,lte=30" json:"site_name"`
SiteURL string `validate:"required,gt=0,lte=512,url" json:"site_url"`
ContactEmail string `validate:"required,email,gt=0,lte=500" json:"contact_email"`
AdminName string `validate:"required,gt=3,lte=30" json:"name"`
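Review bot: The `sanitizer` tag is added to SiteName only, while AdminName (`required,gt=3,lte=30`) in the same InitBaseInfoReq is constrained by length alone. If that value is ever rendered into a page it carries the same stored-XSS exposure, so either add the tag there as well or confirm the value is escaped on output. This change cleans the value as it arrives in the init request, so a site_name stored before the fix stays as written, and the code that prints it should escape it too. A test that submits a site_name made entirely of markup would also show whether the `gt=0` check that follows `sanitizer` rejects a value that sanitizes to empty.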
Related news
GHSA-h85v-cx5m-78wj: Answer vulnerable to Cross-site Scripting