Missing Authentication - Server Component
- Vulnerable
- Solution 1
- Solution 2
The following blog posts should only be visible for logged-in users.
If a user is not logged in, an error message should appear.
If a user is not logged in, an error message should appear.
Blog Posts
Alice's first post (published)
Published: true
This is Alice's first post. It's published, so this is data that all logged-in users are allowed to view.
Alice's third post (published)
Published: true
This is Alice's third post. It's published, so this is data that all logged-in users are allowed to view.
Bob's second post (published)
Published: true
This is Bob's second post. It's published, so this is data that all logged-in users are allowed to view.
Bob's HTML post (published)
Published: true
This is Bob's blog post using <b>HTML</b> and an image: <img src="x" onerror="alert('pwned')" />
Bob's Markdown post (published)
Published: true
This is Bob's blog post using **Markdown** and an image in HTML: <img src="x" onerror="alert('pwned')" />