-
### Background & Context
ARIA attributes like "role" and "aria-*" are always considered whitelisted.
### Bug
"role" will be stripped when passing own ALLOWED_URI_REGEXP that does not match "ro…
-
Tracking issue for:
- [ ] https://github.com/cp-psource/pscp-forum/security/code-scanning/6
-
**Describe the bug**
I enabled Developer Mode as described [here](https://docs.espocrm.com/development/how-to-start/#configuration-for-development)
**Expected behavior**
Libraries like jquery, bul…
-
### Background & Context
Hey, I'm the maintainer of open source project [Wiki.js](https://github.com/Requarks/wiki) and we use DOMPurify to sanitize all content when editing a page. We recently add…
-
![image](https://github.com/ogame-infinity/web-extension/assets/48773775/67661812-1242-49ae-9020-7e0bce0cd3eb)
I keep on getting this error. Forces me to reload the page all the time. Ogame becomes t…
-
### Please describe your bug
I upgraded to Jellyfin 10.9.1 yesterday and made sure my reverse proxy containers (swag, duckdns) were also up to date. This morning I went to help a friend with a pass…
-
> This issue proposes a [bug, feature] which...
### Background & Context
I am trying to use the dompurify.sanitize function on the string below, and this string is a binding of HTML.
`"p\ul onbeforecopy=…
-
Non-sanitized usage of insecure document methods.
We found some vulnerabilities in the app.js file where user controlled data in methods like innerHTML, outerHTML or document.write is used that can…
-
### 📜 Description
After upgrading to Backstage 1.16 we still have a critical vulnerability for tough-cookie 2.5.0. When we trace it through
```
yarn why tough-cookie
```
we see that the 2.5.0 v…
-
### Please describe your bug
Saving any type of Live-TV configuration results in the following error:
`Alert: There was an error saving the TV provider. Please ensure it is accessible and try agai…