@mattab opened this issue on January 10th 2008

in [source:/trunk/modules/ViewDataTable.php] method getJavascriptVariablesToSet() we load GET parameter values and print them in the JavaScript code to "forward" the values to the JavaScript logic (used in the jQuery code).

Is this safe? We use Piwik_Common::getRequestVar() to sanitize the value, but is it safe enough? Or could some hijacking/XSS/etc. be possible here?

@mattab commented on March 17th 2008

(In [383]) - fix #5498 Thanks for your help on this Draicone. Added addslashes() to the values printed in the JS footer of the datatables

This issue was closed on March 17th 2008
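The pattern discussed in this thread (echoing request values into an inline JS footer) side by side with a stronger encoding, as an added example that is not Piwik's code and not the change made in [383]. The function names, the `<script>` wrapper and the sample parameter names are assumptions; the fact it relies on is that addslashes() only escapes quotes, backslashes and NUL, so a value containing a literal `</script>` still ends the script element in the browser, whereas json_encode() with the JSON_HEX_* flags encodes every character that could close the element or form markup.

```php
<?php
// Added example (not Piwik's code). Shows why quote-escaping alone is a weak
// way to forward request values into inline JavaScript, and one hardened form.

// Weak form: addslashes() handles ' " \ and NUL only. The browser's HTML
// parser still sees a raw "</script>" inside the value and closes the block,
// and U+2028 / U+2029 remain raw, which breaks JS string literals.
function emitJsVarsAddslashes(array $params): string
{
    $out = "<script type=\"text/javascript\">\n";
    foreach ($params as $name => $value) {
        // $name comes from server-side code, $value from the request
        $out .= "var " . $name . " = '" . addslashes((string) $value) . "';\n";
    }
    return $out . "</script>\n";
}

// Hardened form: emit all values as one JSON object literal. JSON_HEX_TAG,
// JSON_HEX_AMP, JSON_HEX_APOS and JSON_HEX_QUOT encode < > & ' " as \uXXXX,
// json_encode() escapes "/" by default (so </script> cannot appear) and
// non-ASCII code points, including U+2028/U+2029, become \uXXXX sequences.
function emitJsVarsJson(array $params, string $jsVarName = 'piwikParams'): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $json  = json_encode($params, $flags);
    // json_encode() returns false on invalid UTF-8; never emit a bare "false"
    if ($json === false) {
        $json = '{}';
    }
    return "<script type=\"text/javascript\">\n"
         . "var " . $jsVarName . " = " . $json . ";\n"
         . "</script>\n";
}

// Returns true when the emitted HTML contains a literal closing script tag
// before the intended one, i.e. the value broke out of the block.
function breaksOutOfScript(string $html): bool
{
    return substr_count(strtolower($html), '</script>') > 1;
}

// Constructed sample request values (not real Piwik parameters): one benign,
// one that carries a closing tag.
$sample = [
    'period'         => 'day',
    'filter_pattern' => 'foo</script>bar',
];

$weak = emitJsVarsAddslashes($sample);
$hard = emitJsVarsJson($sample);

echo $weak;                                   // contains a raw </script> mid-block
echo $hard;                                   // value appears as foo\u003C\/script\u003Ebar
var_dump(breaksOutOfScript($weak));           // bool(true)
var_dump(breaksOutOfScript($hard));           // bool(false)
```

Reading the values back on the client is then a property lookup (`piwikParams.period`) instead of one global per parameter, which also keeps the variable names under server control. Whatever encoding is used, the response must be served with a declared UTF-8 charset, since json_encode()'s guarantees assume the bytes are interpreted as UTF-8.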