Security and privacy

How to prevent script tag in search URL

 
Khant Kyaw
 

Hi All,

How can I remove the executable script tag in the course search URL to prevent an XSS attack?

Currently a script can be executed in the URL, for example as below. It runs in the Firefox browser; the Chrome browser automatically prevents the script.


http://localhost/course/index.php?search= ' "><script>alert("testing xss")</script>


Please suggest.


Thank you

 
Ruslan Kabalin (Core developers, Plugin developers)
Re: How to prevent script tag in search URL

Hello Khant, thanks for your question. We have a procedure for reporting potential security issues: https://docs.moodle.org/dev/Moodle_security_procedures#How_can_I_report_a_security_issue.3F Can you please submit a ticket and provide more details on the Moodle version you are using?
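
The behaviour described in the question, as an added example that is not part of the original thread and is not Moodle's code: a search term echoed into an HTML attribute unencoded, next to the same output encoded for its context. The function names and the surrounding markup are hypothetical; the search value is the one from the URL in the question.

```php
<?php
// Added illustration, not Moodle code. All function names are hypothetical.

// Vulnerable pattern: the raw parameter is written into an attribute value.
// The leading ' "> in the value closes the attribute and the tag, so the
// <script> element that follows is parsed as markup.
function render_search_box_raw(string $search): string {
    return '<input type="text" name="search" value="' . $search . '">';
}

// Encode for HTML text/attribute context. ENT_QUOTES encodes both ' and ",
// which matters here because the value starts by closing the quote.
function h(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_search_box(string $search): string {
    return '<input type="text" name="search" value="' . h($search) . '">';
}

// A link that carries the term has two contexts: URL-encode the query
// string first, then HTML-encode the result for the href attribute.
function render_paging_link(string $search, int $page): string {
    $query = http_build_query(['search' => $search, 'page' => $page]);
    return '<a href="index.php?' . h($query) . '">Page ' . $page . '</a>';
}

// True when no script tag or attribute-closing quote survives in the output
// beyond the markup the template itself wrote.
function is_inert(string $html, string $template_prefix): bool {
    $rest = substr($html, strlen($template_prefix));
    return stripos($rest, '<script') === false
        && substr_count($rest, '"') === 1;   // only the template's closing quote
}

// Search value taken from the URL in the question (already URL-decoded).
$search = ' \' "><script>alert("testing xss")</script>';
$prefix = '<input type="text" name="search" value="';

echo "raw:     ", render_search_box_raw($search), "\n";
echo "encoded: ", render_search_box($search), "\n";
echo "link:    ", render_paging_link($search, 2), "\n";
echo "raw inert?     ", var_export(is_inert(render_search_box_raw($search), $prefix), true), "\n";
echo "encoded inert? ", var_export(is_inert(render_search_box($search), $prefix), true), "\n";
```

The browser difference mentioned in the question does not change the fix: the encoding has to happen on the server at the point of output, whatever filtering a particular browser applies.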

 