Sanitise dynamic keyword insertion
£121 (approx. $151)
- Posted:
- Proposals: 5
- Remote
- #2154567
- OPPORTUNITY
- Awarded
Description
Experience Level: Expert
We have recently deployed this WordPress plugin on our site:
It is designed to take information from the URL and append it into the content of the page using a simple shortcode.
Using the above I can use the URL to dictate content on the page:
Notice 'This is a test' is now appended as a paragraph on the page.
Unfortunately, this also opens up an XSS attack vector:
Looks like the plugin has no inbuilt data sanitising.
I'm looking for a developer that can quickly roll out a fix for the plugin and provide detailed notes on how to replicate their fix on a third-party site.
The plugin has been uploaded as part of this job. Additionally, I can give FTP/user details for the above test site.
Daniel T.
United Kingdom
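The kind of fix the description asks for, as an added example that is not the plugin's own code or the fix delivered for this job: a shortcode handler that reads the `keyword` query parameter and escapes it for the HTML context before output. The shortcode tag `dki_keyword`, the function names, the `default` attribute and the 80-character cap are hypothetical; the sanitising and escaping calls are standard WordPress functions.

```php
<?php
/**
 * Added example (hypothetical plugin code, not the plugin from this job).
 * Usage in a post: [dki_keyword default="our services"]
 * Request:         /?keyword=This%20is%20a%20test
 */

// Hypothetical cap on the length of reflected text.
const DKI_MAX_LENGTH = 80;

/**
 * Reduce an untrusted query-string value to plain text.
 * Returns '' when the value is not a string (e.g. ?keyword[]=x).
 */
function dki_clean_keyword( $raw ) {
    if ( ! is_string( $raw ) ) {
        return '';
    }
    // wp_unslash() undoes the slashes WordPress adds to superglobals;
    // sanitize_text_field() strips tags, invalid UTF-8 and extra whitespace.
    $text = sanitize_text_field( wp_unslash( $raw ) );

    return mb_substr( $text, 0, DKI_MAX_LENGTH );
}

/**
 * Shortcode callback: returns the keyword escaped for an HTML text node.
 */
function dki_keyword_shortcode( $atts ) {
    $atts = shortcode_atts( array( 'default' => '' ), $atts, 'dki_keyword' );

    $keyword = isset( $_GET['keyword'] ) ? dki_clean_keyword( $_GET['keyword'] ) : '';
    if ( '' === $keyword ) {
        $keyword = sanitize_text_field( $atts['default'] );
    }

    // Escape at the point of output. esc_html() fits element content only;
    // a value placed inside an attribute needs esc_attr(), a URL esc_url().
    return '<p>' . esc_html( $keyword ) . '</p>';
}
add_shortcode( 'dki_keyword', 'dki_keyword_shortcode' );
```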
Clarification Board
Dan, could you please share your website link?
Daniel T., 27 Sep 2018:
Hi Henry, it's http://dtodd.uk/.
As mentioned you can test the functionality with this code:
http://dtodd.uk/?keyword=This%20is%20a%20test
I can also provide logins.
Henry C., 27 Sep 2018:
Please share the login details as well.