SPECIAL TOPICS
  1. You are here:Home
  2. Articles
  3. the-tale-of-an-xss-in-phlex-cve-2024-32463-greg-molnar

The tale of an XSS in Phlex (CVE-2024-32463) | Greg Molnar

  • 19/04/2024
  • 574

Phlex is a Ruby gem for building HTML components. Even though the HTML specification permits the usage of the javascript scheme in the href attribute of an anchor tag, Phlex doesn’t permit it to prevent an accidental XSS. When I had an initial look at the gem around its inception, I didn’t really checked how this filtering works, but a Twitter exchange with Joel reminded me to see if it can be bypassed somehow.
The tale of an XSS in Phlex (CVE-2024-32463) | Greg Molnar #ruby #rubydeveloper #rubyonrails https://www.rubyonrails.ba/single/the-tale-of-an-xss-in-phlex-cve-2024-32463-greg-molnar

RubyOnRails.BA

If you think that this shoudn't be here on the site, please contact us and we will remove it.

Read more
previous article

Feedback about writing a technical book

share this post
  • linkedin rubyonrails.ba
  • twitter rubyonrails.ba
  • facebook rubyonrails.ba
next article

Mastering data structures in Ruby — Singly linked lists

quiz.rubyonrails.ba
blog.rubyonrails.ba
Nezir Zahirovic

Contractor Ruby On Rails (8+ years) / MCPD .Net / C# / Asp.Net / CSS / SQL / (11 years)

related articles

Popular Post