As this bug can exploited on websites when header data is displayed as-is on the page. It clearly shows how there’s many hidden user controlled inputs that can be exploited by malicious users. This is why it’s important to always follow the golden rule “Filter input, Escape output”
I believe that it is important to run filter engines on EXIF metadata just as if it is a normal web attack or a script injection vector.
use the security header for prevention of xss
X-XSS-Protection: 1; mode=block
As this bug can exploited on websites when header data is displayed as-is on the page. It clearly shows how there’s many hidden user controlled inputs that can be exploited by malicious users. This is why it’s important to always follow the golden rule “Filter input, Escape output”
I believe that it is important to run filter engines on EXIF metadata just as if it is a normal web attack or a script injection vector.
use the security header for prevention of xss
X-XSS-Protection: 1; mode=block
And mark cookie as HTTPOnly and Secure