They don't escape the query text field - XSS. http://github.com/codesearch?q=%22... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

samwillis on Nov 3, 2008 | parent | context | favorite | on: GitHub adds code search

They don't escape the query text field - XSS.

http://github.com/codesearch?q=%22%3E%3Cscript%3Ealert(%22Oops%22)%3C%2Fscript%3E%3Cspan%20%22&repo=&langOverride=&language=&x=0&y=0

defunkt on Nov 3, 2008 [–]

Thanks, fixed.

cosmo7 on Nov 4, 2008 | [–]

Would be more impressive if the pagination worked too.

Do you test any of this?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact