XSS JS-AlertBox

andrucha97 · August 11, 2021, 11:47am

I am running some Hugo Websites with NGINX. Currently, with Version:

hugo v0.83.1-5AFE0A57 linux/amd64 BuildDate=2021-05-02T14:38:05Z VendorInfo=gohugoio

We found some Problems with for example this URL:

https://gohugosite.example/asdf’onmouseover='alert(origin)’%2f…/

When I hover over an Image or a heading “copy link” button, I get an JS-AlertBox

With a local test, it does not work. Only when I get it on Docker/NGINX Server or normal NGINX Server. Does anybody have the same Problem or a Solution?

jmooring · August 11, 2021, 11:56am

Your question is off-topic. Development issues not specific to Hugo should be raised elsewhere. You might try Stack Overflow.

Topic		Replies	Views
Javascript not working in production or public directory support	9	1755	October 20, 2021
Search works locally but not on domain support	6	1372	September 7, 2019
Error serving css, js support	5	1514	January 6, 2016
Hugo Goldmark for html not working on hosted site support	6	930	March 7, 2021
Hugo server fails to delivery static style.css file support	2	352	September 3, 2020

XSS JS-AlertBox

Related Topics