Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Secure the usage of angular-ui-notification library #12

Closed
nadouani opened this issue Mar 27, 2017 · 0 comments
Closed

Secure the usage of angular-ui-notification library #12

nadouani opened this issue Mar 27, 2017 · 0 comments
Assignees
@nadouani
Labels
bug
Milestone
1.0.2

Comments

@nadouani
Copy link
Contributor

Request Type

Bug

Work Environment

Any

Problem Description

Cortex UI uses an open source angular library to display notification toasts: https://github.com/alexcrack/angular-ui-notification

This library introduce a XSS vulnerability, since it trusts the messages to be displayed, as HTML.
An issue is still open to fix this vulnerability

In the meantime, we will make sure to sanitize the content we display in notification toasts
@nadouani nadouani added the bug label Mar 27, 2017
@nadouani nadouani added this to the 1.0.2 milestone Mar 27, 2017
@nadouani nadouani self-assigned this Mar 27, 2017
nadouani added a commit that referenced this issue Mar 28, 2017
@nadouani
#12 Make sure to escape HTML entities and sanitize the message to be …
e928c06 
…displayed in notification
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nadouani nadouani

Labels
bug
Projects
None yet
Milestone
1.0.2
Development

No branches or pull requests
1 participant
@nadouani