DealsAndYou, why you no sanitize inputs?

Standard, Y U NO sanitize input, Y U NO sanitize input

Update: Dealsandyou has fixed the bug. Responded on twitter with a thanks.

Click to see full-size image.


I was looking at a couple of days back and something (may be their bad design) made me do a XSS vulnerability test on their “Search” input box using the XSS Locator code snippet. Voila!, an alert box popped up confirming my hunch. Continue reading