We have recently come across an issue where Google is reporting some of our pages are suspected for URL Injection.
After closer inspection it seems that users can visit our login page i.e. http://localhost.com/login.html?ekjhekjhekjhejkhe
then when you look at the source code you can see this extra text in the form post / action field.
Has anyone come across this issue before and know how to prevent the extra text from being added into the source code of the page?
I have also as a test installed the latest version of evolution and the same happens as above with the sample site