
Filter user-requested language input

Cecylia Bocovich requested to merge cohosh/bridgedb:issue/40014 into main

There was an HTML injection attack made possible by the fact that we were including the unsanitized language inputs in the HTML page returned to the user. This change filters any user-requested languages (either from the Accept-Language header or the "lang" parameter) and only includes languages supported by BridgeDB.
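
One way to implement the allow-list filtering described above, shown as an added example rather than BridgeDB's own code. `SUPPORTED_LANGS`, `requested_langs` and `render_lang_attr` are hypothetical names, and the language set is constructed for illustration.

```python
import html

# Assumption: a constructed set standing in for the translations the service ships.
SUPPORTED_LANGS = frozenset({"en", "de", "fr", "es", "pt_BR", "zh_CN"})
DEFAULT_LANG = "en"


def _normalise(tag):
    """Map 'pt-br' / 'PT_BR' to 'pt_BR'; return None for anything not tag-shaped."""
    parts = tag.strip().replace("-", "_").split("_")
    if not 1 <= len(parts) <= 2 or not all(p.isascii() and p.isalpha() for p in parts):
        return None
    lang = parts[0].lower()
    return lang if len(parts) == 1 else f"{lang}_{parts[1].upper()}"


def requested_langs(accept_language, lang_param=None):
    """Return only supported languages: the 'lang' parameter first, then header order."""
    candidates = []
    if lang_param:
        candidates.append(lang_param)
    for item in (accept_language or "").split(","):
        candidates.append(item.split(";", 1)[0])  # drop ';q=0.8' weights (not sorted here)
    accepted = []
    for raw in candidates:
        tag = _normalise(raw)
        if tag is None:
            continue  # markup, empty items and other junk never reach the page
        # Try the full tag, then fall back to the base language ('de_AT' -> 'de').
        for choice in (tag, tag.split("_")[0]):
            if choice in SUPPORTED_LANGS and choice not in accepted:
                accepted.append(choice)
                break
    return accepted or [DEFAULT_LANG]


def render_lang_attr(langs):
    """Emit the page's lang attribute; escaping stays on as defence in depth."""
    return '<html lang="{}">'.format(html.escape(langs[0], quote=True))
```

Because the returned values are always members of the fixed set, nothing the client sends is ever echoed into the response; the client's input only selects among strings the server already owns.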
