Problem with form XSS attacks

Hi, I had the other day a strange behavior in a form while I tested it(just for curiosity), so I decided to try it in a new isntallation.

So! I have just installed a vanilla advanced yii2 version, no plugins, no new libraries, not a single line of code, no anything and have had the same problem. Probably it’s something that I’m doing wrong or have wrongly installed in my server, but it’s driving me nuts.

I have oppened the vanilla contact form that comes with the yii2 installation and entered in a text field this: “<script>alert(‘derp’);</script>”

So I sent the filled form and the server crashed with "connection has expired". What is wrong with the installation? Have you ever had this kind of behavior? How can I fix it? So much questions…

In which text field you entered js ?

I have message:

Thank you for contacting us. We will respond to you as soon as possible.