Link Injection

Rob_Ammerlaan
Level 1

I am requesting support regarding the implementation of the Marketo forms at our WordPress website. On the following pages:
The user can do Link Injection. This results in an unsafe way of working. Please let me know how we can proceed in preventing this from happening. We use the code from the Marketo website 1 on 1 as suggested in the backend.
I hope you can help me as soon as possible,
SanfordWhiteman
Level 10 - Community Moderator

Re: Link Injection

Your point is rather vague. Are you using unfiltered, unescaped user input in an auto-responder email? Or on an LP?

I wrote about these concerns a scary number of years ago: https://blog.teknkl.com/tokens-as-hacker-weapons-1/ 

Rob_Ammerlaan
Level 1

Re: Link Injection

Hi Sanford,
Currently, we are not escaping the user input in the field we use in the auto responder email. Can you tell me how that works?
The email I am talking about now is specifically: 
I hope you can help us, 
SanfordWhiteman
Level 10 - Community Moderator

Re: Link Injection

Currently, we are not escaping the user input in the field we use in the auto responder email. Can you tell me how that works?

It’s in my blog above. Also see https://nation.marketo.com/community/product_and_support/blog/2019/09/17/even-when-velocity-isn-t-do...