Update tags.php

[hugbubby]

No description provided.

[zeropath-ai-staging]

✅ No security or compliance issues detected. Reviewed everything up to a386e51.

Security Overview

• 🔎 Scanned files: 1 changed file(s)
• 🔗 Scan Link: https://staging.branch.zeropath.com/app/repositories/c5d8a022-9631-45a3-937f-404f77ff821a?scanId=700de2ac-5f0d-41d3-b3fa-6ff0c8851e5e&codeScanTypes=PrScan&tab=issues

Detected Code Changes

Change Type	Relevant files
Other	► tags.php     echo $_GET['asdf'];

[zeropath-ai-dev]

Reflected XSS Vulnerability in tags.php (Severity: MEDIUM)

A reflected cross-site scripting (XSS) vulnerability exists in tags.php, allowing an attacker to inject arbitrary JavaScript code into the application's response, which can lead to account compromise or data theft. Specifically, the application directly reflects the value of the asdf parameter from the query string using echo $_GET['asdf'] on line 16 without proper sanitization, resulting in execution of any provided JavaScript within the user's browser.
_{View details in ZeroPath}

Suggested change

	echo $_GET['asdf'];
	echo htmlspecialchars(isset($_GET['asdf']) ? $_GET['asdf'] : '', ENT_QUOTES, 'UTF-8');

[zeropath-ai-dev]

❌ Possible security or compliance issues detected. Reviewed everything up to a386e51.

The following issues were found:

• Cross Site Scripting (XSS)

  • Location: tags.php:16
  • Score: MEDIUM (68.0)
  • Description: Reflected XSS: Unescaped user-controlled input from the query string ($_GET['asdf']) is echoed directly to the response.
  • Link to UI: https://dev.branch.zeropath.com/app/issues/d826145c-411a-44cf-ad33-571170d0ef3e

Security Overview

• 🔎 Scanned files: 1 changed file(s)
• 🔗 Scan Link: https://dev.branch.zeropath.com/app/repositories/d9cf8881-7d91-495e-919b-1821f32afbca?scanId=1bb4cb0c-17f1-490f-8fee-173057f4fe0e&codeScanTypes=PrScan&tab=issues

Detected Code Changes

Change Type	Relevant files
Other	► tags.php     echo $_GET['asdf'];