
[SECURITY] Unsanitized User Input #8

Description

@lishaduck

```ts
profiles[0][profNum] = (
  document.querySelector(`#nameProf${profNum}`) as HTMLInputElement
).value;
```

^ Just the first instance I found.

Zero validation (mostly) that any user input isn't going to crash the code.
Admittedly, everything is client-side, so it's not a real issue, which is why I'm not filing a security advisory or whatnot and just posting it in an issue.
Who is going to try to break their own map?
Maybe it allows a malicious bookmarklet? IDK.

See also: The Dangers of Square Bracket Notation
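
An added example, not code from this repository or from the issue author: one way to validate both the key and the value before a bracket-notation write like the one quoted in the issue. It assumes `profiles[0]` is an array of profile names; `MAX_PROFILES`, `MAX_NAME_LENGTH` and all function names are hypothetical, and the caller would pass in the input element's `.value`.

```typescript
// Assumed, not from the project: profiles[0] is an array of profile names,
// and both limits below are illustrative.
const MAX_PROFILES = 64;
const MAX_NAME_LENGTH = 100;

type Result<T> = { ok: true; value: T } | { ok: false; error: string };

// Accept only canonical non-negative integers ("3" or 3), never "__proto__", "1e3", "-1" or " 2".
function parseProfileIndex(raw: unknown): Result<number> {
  const text = typeof raw === "number" ? String(raw) : raw;
  if (typeof text !== "string" || !/^(0|[1-9]\d*)$/.test(text)) {
    return { ok: false, error: "profile index must be a non-negative integer" };
  }
  const index = Number(text);
  if (index >= MAX_PROFILES) {
    return { ok: false, error: "profile index out of range" };
  }
  return { ok: true, value: index };
}

// Normalise and bound the name read from the input element.
function parseProfileName(raw: unknown): Result<string> {
  if (typeof raw !== "string") {
    return { ok: false, error: "name must be a string" };
  }
  const name = raw.normalize("NFC").trim();
  if (name.length === 0 || name.length > MAX_NAME_LENGTH) {
    return { ok: false, error: "name length out of range" };
  }
  if (/[\u0000-\u001f\u007f]/.test(name)) {
    return { ok: false, error: "name contains control characters" };
  }
  return { ok: true, value: name };
}

// Validated replacement for `profiles[0][profNum] = input.value`.
function setProfileName(profiles: string[][], profNum: unknown, rawName: unknown): Result<number> {
  const index = parseProfileIndex(profNum);
  if (index.ok === false) return index;
  const name = parseProfileName(rawName);
  if (name.ok === false) return name;
  const names = profiles[0];
  if (!Array.isArray(names)) return { ok: false, error: "profiles[0] is missing" };
  names[index.value] = name.value;
  return index;
}
```
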


Labels: bug (Something is not working), map (Relates to the PHS Map)
