-
The jQuery API exposes several methods whose use in application code carries a high risk of introducing XSS vulnerabilities.
For example, code such as `myElement.html(val)` results in XSS if `val…
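The sink described above, shown as an added example (not code from the issue or from jQuery): a comment renderer whose output is handed to `$('#comments').html(...)`, first with untrusted fields concatenated straight in, then with each field encoded for the context it lands in. The `hostileComment` record, `escapeHtml`, `safeHref` and the two `renderComment*` functions are constructed for illustration; the string functions run under Node, and the browser wiring at the end only executes when jQuery is present.

```javascript
// Added example, not code from the issue or from jQuery: why `el.html(val)`
// is an XSS sink and what to hand it instead. Pure string functions so the
// block runs under Node; in the browser the return value is what you would
// pass to .html().

// Encode the five characters that matter in HTML text and quoted-attribute
// context. '&' goes first, otherwise the other entities get double-encoded.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Encoding does not neutralise a javascript: URL, it only changes how it is
// spelled, so an href needs a scheme allowlist on top of escapeHtml.
function safeHref(url) {
  const u = String(url).trim();
  return /^https?:\/\//i.test(u) ? u : '#';
}

// VULNERABLE: untrusted fields concatenated into markup that the page then
// injects with `$('#comments').html(renderCommentUnsafe(c))`.
function renderCommentUnsafe(c) {
  return '<div class="comment"><a href="' + c.site + '" title="' + c.author +
    '">' + c.author + '</a>: ' + c.body + '</div>';
}

// HARDENED: same markup, each untrusted value encoded for where it lands.
// Equivalent to building the element and using .text()/.attr() per piece
// instead of one .html() call on the assembled string.
function renderCommentSafe(c) {
  return '<div class="comment"><a href="' + escapeHtml(safeHref(c.site)) +
    '" title="' + escapeHtml(c.author) + '">' + escapeHtml(c.author) +
    '</a>: ' + escapeHtml(c.body) + '</div>';
}

// Constructed attacker-controlled record (hypothetical, not real data):
// one payload per injection context.
const hostileComment = {
  author: 'mallory" onmouseover="alert(1)',   // breaks out of the title attribute
  site: 'javascript:alert(document.cookie)',  // scheme abuse in href
  body: '<img src=x onerror="alert(1)">',     // raw element in text content
};

// Browser-only wiring; skipped under Node.
if (typeof window !== 'undefined' && typeof window.jQuery === 'function') {
  window.jQuery('#comments').html(renderCommentSafe(hostileComment));
}
```

When the value is plain text, `el.text(val)` is the direct fix: jQuery creates a text node, so the browser never parses `val` as markup. Attribute values set through `.attr('href', val)` still need the scheme check, because escaping changes only how `javascript:` is spelled, not what it does.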
-
I'd like to be able to pass a configuration option into `rdmd.html(text,options)` that lets me turn off some of the sanitization. For example, I'd like to allow `iframe`s and `script` tags.
-
Since we're exposing a C API, and we'll have examples for its usage, we should not only test for the absence of errors while running, but also for possible memory leaks, using tools like Valgrind (pos…
-
There are _lots_ of ways to include JavaScript in SVG but atlas does not yet make any attempt to protect its users from dangerous SVG.
(For what it's worth, this will almost certainly require parsing…
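As an added example (not code from the atlas project), a fail-closed screen that flags the common ways an SVG document carries script: `<script>` and other active elements, `on*` event attributes, `javascript:`/`data:` URLs in `href`-like attributes including entity-encoded and whitespace-split spellings, and SMIL `set`/`animate` elements that can rewrite an `href` at runtime. It is regex-based, so it is a heuristic for rejecting uploads rather than a sanitizer; the post's point that a real fix needs parsing stands. The element and attribute lists, the `SAMPLES` inputs and the function names are this example's own assumptions.

```javascript
// Added example, not atlas code: a fail-closed screen for the usual ways an
// SVG document carries script. Regex-based, so it is a reject-list heuristic,
// not a sanitizer; a real fix parses the document, rasterises it, or serves
// it only via <img>, where browsers run no script and load no external
// resources.

// Elements that execute code or pull in content that can.
const ACTIVE_ELEMENTS = new Set([
  'script', 'foreignobject', 'iframe', 'embed', 'object',
  'use',             // references document or external content
  'set', 'animate',  // SMIL: can rewrite href to a javascript: URL at runtime
]);
// Attributes whose value is a URL, or becomes one through SMIL animation.
const URL_ATTRS = new Set(['href', 'xlink:href', 'src', 'to', 'from', 'values']);
// Schemes that run code or smuggle in a second document.
const BAD_SCHEMES = /^(javascript|vbscript|data):/;

// Resolve numeric and the basic named entities so that
// href="&#106;avascript:" is seen for what it is.
function decodeEntities(v) {
  const named = { lt: '<', gt: '>', amp: '&', quot: '"', apos: "'" };
  const cp = (n) => (n > 0x10ffff ? '' : String.fromCodePoint(n));
  return v
    .replace(/&#x([0-9a-f]+);?/gi, (_, h) => cp(parseInt(h, 16)))
    .replace(/&#(\d+);?/g, (_, d) => cp(parseInt(d, 10)))
    .replace(/&(lt|gt|amp|quot|apos);/g, (_, n) => named[n]);
}

// Return human-readable findings; an empty list means nothing was spotted.
function findScriptVectors(svg) {
  const findings = [];
  // Opening tags only; closing tags, comments and the XML prolog do not match.
  const tagRe = /<\s*([a-zA-Z][\w:.-]*)([^>]*)>/g;
  const attrRe = /([^\s=\/"']+)\s*(?:=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let tag;
  while ((tag = tagRe.exec(svg)) !== null) {
    const name = tag[1].toLowerCase().replace(/^svg:/, '');
    if (ACTIVE_ELEMENTS.has(name)) findings.push(`<${name}> element`);
    attrRe.lastIndex = 0;
    let attr;
    while ((attr = attrRe.exec(tag[2])) !== null) {
      const aname = attr[1].toLowerCase();
      const raw = attr[2] ?? attr[3] ?? attr[4] ?? '';
      // Drop whitespace and control characters: "java\tscript:" is still javascript:
      const value = decodeEntities(raw).replace(/[\s\u0000-\u001f]+/g, '').toLowerCase();
      if (aname.startsWith('on')) findings.push(`${aname} handler on <${name}>`);
      if (URL_ATTRS.has(aname) && BAD_SCHEMES.test(value)) {
        findings.push(`${aname}="${value.slice(0, 11)}..." on <${name}>`);
      }
    }
  }
  return findings;
}

function isSafeSvg(svg) {
  return findScriptVectors(svg).length === 0;
}

// Constructed samples (hypothetical uploads, not real files).
const SAMPLES = {
  clean: '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10"><circle cx="5" cy="5" r="4" fill="red"/></svg>',
  onload: '<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"><rect width="1" height="1"/></svg>',
  script: '<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>',
  encodedHref: '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><a xlink:href="&#106;avascript:alert(1)"><text y="10">x</text></a></svg>',
  smil: '<svg xmlns="http://www.w3.org/2000/svg"><a><set attributeName="href" to="javascript:alert(1)"/><text y="10">x</text></a></svg>',
};
```

Because the scan rejects rather than rewrites, its failure mode is a false positive (a legitimate `<image href="data:image/png;...">` is flagged along with the attacks), which is the right side to err on for user uploads. A quoted attribute value containing `>` will confuse the tag regex, one more reason to treat this as a gate in front of a parser, not a replacement for one.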
-
**Describe the current behavior**
Google Colab seems to provide no ability to embed SVG images into the notebook.
**Describe the expected behavior**
Google Colab should provide the ability to…
-
**Motivation**
As the maintainer of a Superset instance, I want to be able to message my users, so I can inform them about possible downtimes, data troubles or other causes.
This can of course be achiev…
-
It appears that the feed name is not being picked up by e.g. `inroreader` despite the site having both a name and a title. From the debugging I've done, it may be due to the fact that the name is plac…
wrycu updated 9 months ago
-
One account has used a special HTML character in their catch phrase.
This is most likely not an issue, but it warrants an investigation into how the current input sanitization handles these charact…
-
I don't know whether it would make sense from a security point of view, but in some cases users expect "pseudo-tags" like `` to appear as escaped HTML, for example when giving examples of something.
…
-
**Client_DOM_Stored_XSS** issue exists @ **src/main/webapp/vulnerability/Injection/xxe.jsp** in branch **master**
*The application's $ embeds untrusted data in the generated output with html, at li…