-
**Description**
In jQuery versions before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) m…
-
It would be useful to provide the Field or Part Definition in GraphQL.
This is helpful when access to the field settings is required; example here:
https://github.com/OrchardCMS/OrchardCore/pull/601…
-
Hi,
there are currently at least two _Handlebars_ templates that use `{{{data}}}` instead of `{{data}}`:
- [/src/templates/web-display/control-text.html](https://github.com/gitana/alpaca/blob/mast…
-
Neither url.Parse() nor url.String() sanitizes the query component. See e.g. https://play.golang.org/p/8hsD2WeMVYD
#190 and #192 fix some cases resulting from this, but there may be other edge case…
-
**Description**
When I use sanitize attributes, search does not return the expected results. For example, I have:
```
class Book
meilisearch sanitize: true do
attribute :title, :description
…
-
Example JS fiddle:
[https://jsfiddle.net/16L0usfo/1/](https://jsfiddle.net/16L0usfo/1/)
When loading data over AJAX (or otherwise parsing it from some JSON) Footables is vulnerable to XSS. The fix…
-
```
Enhancement:
It would be useful if the ESAPI would provide a method for converting a string
that might contain HTML tags into a text-only string. That could be used to
sanitize a string in orde…
-
This is a feature request for the ability to “correct” bad input, by stripping away parts that are not conforming to the spec. This is mostly useful for sanitizers, especially for pages that want to …
-
```
Enhancement:
It would be useful if the ESAPI would provide a method for converting a string
that might contain HTML tags into a text-only string. That could be used to
sanitize a string in orde…
-
I was wondering about the recommended way of doing something like this:
``` html
member name: {{memberName}}
member api docs:
{{memberDocs}}
```
Here, memberName is a string, but memberDocs is an …