Input Validation & Sanitisation #5

Open

Assignees

Milestone

Public POD Deployment

opened

on Dec 30, 2025

Several handlers accept arbitrary user input (e.g., filenames in importHandler, query parameters in queryHandler) and embed them directly into HTML without thorough sanitisation. This opens XSS vectors.

Metadata

Assignees

emperor42

Labels

No labels

No labels

Type

No type

Projects

Azzurro Technology Inc Roadmap

Status

Scheduled

Milestone

Public POD Deployment

Relationships

None yet

Development

No branches or pull requests