[Piwik-trac] [Piwik] #78: Check that printing GET parameters in the JS code is secure
Piwik
trac at piwik.org
Thu Jan 10 16:09:59 CET 2008
#78: Check that printing GET parameters in the JS code is secure
----------------------+-----------------------------------------------------
Reporter: matt | Owner:
Type: Task | Status: new
Priority: major | Milestone: DVNO
Component: Security | Version:
Keywords: |
----------------------+-----------------------------------------------------
In [/trunk/modules/ViewDataTable.php] we load GET parameter values and
print them in the JavaScript code to "forward" the values to the
JavaScript logic (used in the jQuery code).
Is this safe? We use {{{Piwik_Common::getRequestVar()}}} to sanitize the
value, but is it safe enough? Or could some hijacking/XSS/etc. be possible
here?
--
Ticket URL: <http://dev.piwik.org/trac/ticket/78>
Piwik <http://piwik.org>
Piwik, open source web analytics software
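
The question in the ticket comes down to output context: a value printed inside a script block has to be encoded as a JavaScript literal, which is a different job from HTML-entity escaping. The sketch below is an added example, not Piwik code; the helper names, parameter names and sample request are assumptions, and it requires PHP 7.3 or later.

```php
<?php
// Added example (not Piwik code). Requires PHP 7.3+ for JSON_THROW_ON_ERROR.

/** Hypothetical helper: returns a complete JS literal, quotes included. */
function js_literal($value): string
{
    // JSON output is valid JS literal syntax. The HEX flags also turn
    // < > & ' " into \uXXXX escapes, so the literal cannot terminate the
    // surrounding <script> element or an enclosing HTML attribute.
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

/** Hypothetical helper: allow-list for parameters with a known shape. */
function request_identifier(array $get, string $name, string $default): string
{
    $v = $get[$name] ?? $default;
    $ok = is_string($v) && preg_match('/\A[A-Za-z0-9_.]{1,64}\z/', $v) === 1;
    return $ok ? $v : $default;
}

// Constructed sample request; the parameter names are assumptions.
$get = [
    'sort_column' => 'label',
    'search'      => "O'Brien \\ line1\nline2 </script>",
];

$column = request_identifier($get, 'sort_column', 'label');
$search = is_string($get['search'] ?? null) ? $get['search'] : '';

// HTML-entity escaping alone: the backslash, the newline and (with ENT_COMPAT)
// the single quote pass through unchanged, and the entities it does emit are
// not decoded inside a script block, so the value is not a usable JS string body.
$htmlOnly = htmlspecialchars($search, ENT_COMPAT, 'UTF-8');
error_log('html-escaped only: ' . var_export($htmlOnly, true));

// Context-appropriate output: each value is emitted as one JS literal.
echo "<script>\n";
echo 'var requestParams = {sortColumn: ' . js_literal($column)
   . ', search: ' . js_literal($search) . "};\n";
echo "</script>\n";
```

If the script later writes one of these values into the DOM, that step needs its own HTML-context encoding.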