06-10-2020, 01:46 PM
(06-09-2020, 10:56 PM)Alexandre Machado Wrote: Hi Joel,
We will also include this in our checks and release a new update.
However, you can already protect your application using your current IW version. You just need to add some code to the OnParseParameter event in ServerController.
I think this will do the trick:
Code:uses
StrUtils;
procedure TIWServerController.IWServerControllerBaseParseParameter(
var AParam: string; var AllowIt: Boolean; const Index: Integer);
begin
if ContainsText(AParam, '<svg') then
AllowIt := False;
end;
That should satisfy their testing.
Thank you.