Filter user-requested language input (!19) · Merge requests · The Tor Project / Anti-censorship / BridgeDB

Cecylia Bocovich requested to merge cohosh/bridgedb:issue/40014 into main May 31, 2021

There was an HTML injection attack made possible by the fact that we were including the unsanitized language inputs in the HTML page returned to the user. This change filters any user-requested languages (either from the Accept-Language header or the "lang" parameter) and only includes languages supported by BridgeDB.

Filter user-requested language input

Merge request reports