Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
0 votes
576 views
in Q2A Core by

Hi, 

One of my client reported this issue of XSS problem on search box? Can this be fixed?

http://resources.infosecinstitute.com/how-to-prevent-cross-site-scripting-attacks/

Q2A version: 1.7

1 Answer

+1 vote
by
selected by
 
Best answer

I checked into it and I cannot reproduce any problem, e.g. http://www.question2answer.org/qa/search?q=%3Ci%3Etest%3C/i%3E

Can you PM me with some more details about this? For example your client's site and how you accomplish the XSS?

Update: thanks for the PM. This is not a problem with Q2A because the search term is escaped for output, in qa-include/pages/search.php line 84:

$qa_content['title']=qa_lang_html_sub('main/results_for_x', qa_html($inquery));

So it sounds like you have modified that file in some way, to remove the security.

by
Thank you Scott. As I checked the problem is with breadcrumbs plugin.
...