BUG: Requirement of Proper Input Handling in Signup form #9
Assignees
Comments
|
i would like to work on this |
|
@pand-coder I am assigning you the task. this app uses streamlit if you have problem implementing javascript then do disscuss with me here or a mentor. I am not really sure if you can use javascript with streamlit. |
|
@Coreharshit I have assigned the task to pand-coder on a first come - first served basis. there are other new issues opened you can ask to get assigned to them. |
|
Okay ! |
|
Hello @Amna-Hassan04 can i complete it by tomorrow as i need some time in understanding the code base and never worked with streamlit |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Security Vulnerability: Client-Side Injection in Password Field
Issue Description:
The password field currently allows the input of special characters (e.g.,
<,>,<script>), which can lead to client-side injection attacks like Cross-Site Scripting (XSS). This poses a security risk as it allows malicious scripts to be executed on the client side.Steps to Reproduce:
<script>alert(1)</script>.Expected Behavior:
Special characters such as
<,>, andscripttags should be disallowed in the password field to prevent injection attacks.Actual Behavior:
Special characters are allowed, and malicious scripts can be executed.
###FIX
I would like to incorporate proper javascript Input Handling to prevent this type of client side injection or cross scripting attack
Please assign me this issue as i would like to contribute regarding this issue with respect secure aspects of coding principles
The text was updated successfully, but these errors were encountered: