Reported security issue vulnerability
#7
Hi Joel,

We will also include this in our checks and release a new update.

However, you can already protect your application using your current IW version. You just need to add some code to the OnParseParameter event in ServerController.

I think this will do the trick:

Code:
uses
  StrUtils;

procedure TIWServerController.IWServerControllerBaseParseParameter(
  var AParam: string; var AllowIt: Boolean; const Index: Integer);
begin
  if ContainsText(AParam, '<svg') then
    AllowIt := False;
end;
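The check suggested in the reply above, factored into a stand-alone function that can be exercised outside the application. This is an added example, not part of the original post and not IntraWeb's own code. The names `IsParamAllowed`, `PercentDecode` and `BlockedMarkers`, and the deny-list entries other than `<svg`, are hypothetical; the thread does not say whether `AParam` arrives URL-decoded, so the helper decodes `%XX` escapes once before matching.

```delphi
program ParamFilterDemo;
{$IFDEF FPC}{$mode delphi}{$ENDIF}
{$APPTYPE CONSOLE}
uses SysUtils, StrUtils;

const
  // Hypothetical deny list; the thread itself only blocks '<svg'.
  BlockedMarkers: array[0..2] of string = ('<svg', '<script', '<iframe');

// Decode %XX escapes once so an escaped marker is matched like a literal one.
function PercentDecode(const S: string): string;
var
  I, V: Integer;
begin
  Result := '';
  I := 1;
  while I <= Length(S) do
    if (S[I] = '%') and (I + 2 <= Length(S)) and
       TryStrToInt('$' + Copy(S, I + 1, 2), V) then
    begin
      Result := Result + Chr(V);
      Inc(I, 3);
    end
    else
    begin
      Result := Result + S[I];
      Inc(I);
    end;
end;

// Returns the value to assign to AllowIt in the OnParseParameter handler:
//   AllowIt := IsParamAllowed(AParam);
function IsParamAllowed(const AParam: string): Boolean;
var
  Decoded: string;
  I: Integer;
begin
  Decoded := PercentDecode(AParam);
  for I := Low(BlockedMarkers) to High(BlockedMarkers) do
    if ContainsText(Decoded, BlockedMarkers[I]) then  // case-insensitive
      Exit(False);
  Result := True;
end;

begin
  // Constructed sample parameters, not taken from the thread.
  WriteLn(IsParamAllowed('name=Joel'));
  WriteLn(IsParamAllowed('comment=<SVG width="1">'));
  WriteLn(IsParamAllowed('comment=%3Csvg%20width'));
end.
```

A deny list like this only narrows what reaches the application; encoding values when they are written into HTML remains the primary control.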


Messages In This Thread
Reported security issue vulnerability - by joelcc - 05-20-2020, 05:16 PM
RE: Reported security issue vulnerability - by Alexandre Machado - 06-09-2020, 10:56 PM
