XSS when decoding base64 string

[Old Forum jonathan.d] anonymous
Created: 7 years and 7 months ago

When decoding base64 strings, the zero-click info embeds the result string as is (eg. with a simple js alert).

Note that the urldecode does not have this issue.

This forum has been archived

Thank you all for the many comments, questions and suggestions. Particular thanks go to user x.15a2 for constantly monitoring, replying and helping so many users here. To continue these discussions, please head over to the DuckDuckGo subreddit.


yegg
Thx for reporting--fixed!
posted by yegg Staff7 years and 6 months ago Link