Search doesn't escape things that it should
-
Search for example std::ostream&. The & gets clipped off the end, and a look at the URL shows that the & is unescaped and so treated as a part of the URL. However, run a search for std::ostream%26, and it'll turn into a search for std::ostream& allowing you to find the correct result.
-
It also seems like spaces are encoded as %20 instead of +.
-
You're right, it doesn't seem to escape '&'s at all. This is a pretty big deal for a web developer to forget.
It does escape '<'s, so no luck with the XSS today.
-
-
@anonymous234 said in Search doesn't escape things that it should:
You're right, it doesn't seem to escape '&'s at all. This is a pretty big deal for a web developer to forget.
It does escape '<'s, so no luck with the XSS today.
Pretty sure it's not explicitly escaping <. That's probably just your browser doing it, like with spaces.
-
Looks like it was a regression: the encodeURIComponent code was there but it wasn't effecting the actual query string.
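The behaviour discussed in this thread, as an added example that is not part of any post and is not the forum's own code: it builds the search URL with and without encodeURIComponent and shows what a query-string parser recovers in each case. The base URL, the `term` and `in` parameter names and the function names are assumptions.

```javascript
// Added example; BASE, the "term"/"in" parameter names and the function
// names are assumptions, not the forum's real search endpoint.
const BASE = "https://forum.example/search";

// Regression shape: the raw term is concatenated into the query string,
// so a "&" in the term ends the parameter early.
function buildUnescaped(term) {
  return BASE + "?term=" + term + "&in=titlesposts";
}

// Fixed shape: the encoded value is what actually reaches the query string.
function buildEscaped(term) {
  return BASE + "?term=" + encodeURIComponent(term) + "&in=titlesposts";
}

// Form-style serialization: same round trip, but a space becomes "+"
// where encodeURIComponent produces "%20".
function buildFormStyle(term) {
  const params = new URLSearchParams({ term, in: "titlesposts" });
  return BASE + "?" + params.toString();
}

// What a query-string parser on the receiving side sees for "term".
function parsedTerm(url) {
  return new URL(url).searchParams.get("term");
}

// The URL parser itself percent-encodes "<" and spaces in a query, which
// is why an unescaped "<" can still look escaped in the address bar.
function normalizedQuery(url) {
  return new URL(url).search;
}

const samples = ["std::ostream&", "std::ostream%26", "a<b c"]; // constructed inputs
for (const term of samples) {
  for (const build of [buildUnescaped, buildEscaped, buildFormStyle]) {
    const url = build(term);
    console.log(build.name, JSON.stringify(term), "->", url,
                "-> term =", JSON.stringify(parsedTerm(url)));
  }
}
console.log(normalizedQuery(buildUnescaped("a<b c")));
```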
-
We have search?
-
@topspin said in Search doesn't escape things that it should:
We have search?
-
@barisu said in Search doesn't escape things that it should:
effecting
-
@lolwhat said in Search doesn't escape things that it should:
@topspin said in Search doesn't escape things that it should:
We have search?
To be fair, it does search, it just doesn't find.