New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Polymer & Vue knobs are vulnerable to XSS Attack #3471

Closed

Hypnosphi opened this issue Apr 21, 2018 · 1 comment

Assignees

Labels

Member

Hypnosphi commented Apr 21, 2018 •

edited

Loading

We probably should escape text values in those frameworks, or at least the values that came from URL

Other frameworks are safe because they do escaping on their side

Hypnosphi added vue app: polymer security labels

Hypnosphi self-assigned this

Hypnosphi mentioned this issue

Knobs: add escapeHTML option; use it by default in Vue, Angular, and Polymer #3473

Merged

Hypnosphi added the merged label

Member Author

Hypnosphi commented May 2, 2018

Released as 4.0.0-alpha.4

Hypnosphi closed this as completed

issue-sh bot removed the merged label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment