Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Protect script-server from XSS and XSRF attacks #79

Closed
bugy opened this issue Jun 26, 2017 · 1 comment
Closed

Protect script-server from XSS and XSRF attacks #79

bugy opened this issue Jun 26, 2017 · 1 comment
Labels
feature resolved
Milestone
1.17.0

Comments

@bugy
Copy link
Owner

bugy commented Jun 26, 2017

Currently script server is not safe enough against XSS attacks. Should be fixed

Possible solution
http://www.tornadoweb.org/en/stable/guide/security.html#cross-site-request-forgery-protection
@bugy bugy added the feature label Jun 26, 2017
@bugy bugy changed the title Protect script-server from XSS attacks Protect script-server from XSS and XSRF attacks Jun 26, 2017
@bugy bugy added this to the 1.16.0 milestone Mar 26, 2020
@bugy bugy removed this from the 1.16.0 milestone Aug 14, 2020
@bugy bugy added this to the 1.17.0 milestone Nov 18, 2020
bugy added a commit that referenced this issue Apr 16, 2021
@bugy
#79 protected Script server users against XSRF attacks
2e0035c
@bugy bugy mentioned this issue Apr 16, 2021
Open
bugy added a commit that referenced this issue Apr 18, 2021
@bugy
#245 #79 protected "html" outputFormat against XSS attacks
293d2a1
@bugy
Copy link
Owner Author

bugy commented Apr 18, 2021

Added XSRF protection via tokens
Analyzed and fixed XSS issues for the code (or added a description to Wiki, when it's unavoidable).

@bugy bugy added the resolved label Apr 18, 2021
@bugy bugy closed this as completed Mar 16, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature resolved
Projects
None yet
Milestone
1.17.0
Development

No branches or pull requests
1 participant
@bugy