Currently, the calendar uses an HTML JSON injected from Django, with the potential to cause HTML to break
https://github.com/compserv/hknweb/blob/master/hknweb/events/templates/events/index.html#L23-L56
Not an issue of security with JavaScript injection as Bleach does take care of that for now
Long term goal: Use a JSON endpoint that the calendar calls rather than an HTML injection (not really potential for attack since no JS, but breaks the calendar HTML)
Sample Code to only allow calls to the URL from another URL: https://github.com/TBP-IT/tbpweb/blob/master/events/views.py#L506
Can open the ability for better Google Calendar integration, RSS Feeds, or people can have a JSON API for their calendar
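
An added example, not part of the issue or the hknweb code: one way inline JSON can break the page markup, and how escaping keeps the data intact. It assumes a constructed event title containing `</script>` reaches the template unescaped; the escape table mirrors Django's `json_script` filter, and `EVENTS`, `inline_naive`, `inline_escaped` and `script_body` are hypothetical names.

```python
import json
from html.parser import HTMLParser

# Constructed sample: an event title whose text contains a closing script tag.
EVENTS = [{"title": "Game night </script><b>oops", "start": "2020-01-01T18:00"}]

# Same substitutions Django's json_script filter applies to serialized JSON.
HTML_SAFE = {ord("<"): "\\u003C", ord(">"): "\\u003E", ord("&"): "\\u0026"}


def inline_naive(events):
    """JSON dropped straight into a <script> block by the template."""
    return "<script>var events = " + json.dumps(events) + ";</script>"


def inline_escaped(events):
    """JSON embedded as inert data with HTML-significant characters escaped."""
    body = json.dumps(events).translate(HTML_SAFE)
    return '<script id="events" type="application/json">' + body + "</script>"


class FirstScript(HTMLParser):
    """Collects the text an HTML parser treats as the first <script> body."""

    def __init__(self):
        super().__init__()
        self.body, self.inside, self.done = "", False, False

    def handle_starttag(self, tag, attrs):
        if tag == "script" and not self.done:
            self.inside = True

    def handle_endtag(self, tag):
        if tag == "script" and self.inside:
            self.inside, self.done = False, True

    def handle_data(self, data):
        if self.inside:
            self.body += data


def script_body(html):
    """Return what the parser sees as the first script element's content."""
    parser = FirstScript()
    parser.feed(html)
    parser.close()
    return parser.body


if __name__ == "__main__":
    print(repr(script_body(inline_naive(EVENTS))))
    print(json.loads(script_body(inline_escaped(EVENTS))) == EVENTS)
```

A JSON endpoint, as proposed in the issue, removes the HTML parsing step altogether, so no such escaping is needed.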