Sanitize serviceURL parameter

[Harsh14901]

The serviceURL parameter is currently vulnerable to XSS attacks. If you click HERE then after logging in you will see your CASI node session cookies being displayed in the alert box.

Note: The CASI tokens are httpOnly hence they are immune to XSS attacks.

[bicycleman15]

Has this been implemented ? @Harsh14901
Should I close this ?

[Harsh14901]

No, I haven't found a completely reliable solution for this yet. We could either add a regex check to the serviceURL parameter but I am not sure if that could also be circumvented by the attacker or not. (As we do in CTF challenges :P)