Has anyone here run into an issue where pasting text content or even a url into Kirby panel textarea field triggers the server’s mod_security (claims there’s a HTTP response splitting attack)? Not sure if it’s possible that having your OS in a non-latin language would change the line-endings to something strange?
does the splitting attack happen in any browser, from any system accessing the panel? does it happen with any string?
Seems like that although I cannot personally replicate it. This is only happening when the client does it and they have tried different browsers on both Windows and OSX. Their OS’s are in Chinese but I don’t know if that could make a difference… Basically all they have to do is copy/paste url from the browser’s address bar, paste it in and hit save.