06-09-2020, 10:56 PM
(This post was last modified: 06-09-2020, 11:07 PM by Alexandre Machado.)
Hi Joel,
We will also include this in our checks and release a new update.
However, you can already protect your application using your current IW version. You just need to add some code to the OnParseParameter event in ServerController.
I think this will do the trick:
We will also include this in our checks and release a new update.
However, you can already protect your application using your current IW version. You just need to add some code to the OnParseParameter event in ServerController.
I think this will do the trick:
Code:
uses
StrUtils;
procedure TIWServerController.IWServerControllerBaseParseParameter(
var AParam: string; var AllowIt: Boolean; const Index: Integer);
begin
if ContainsText(AParam, '<svg') then
AllowIt := False;
end;