Bttstrp / bootstrap-switch

Turn checkboxes and radio buttons in toggle switches.
MIT License

Fix potential xss attack #730

Open jwcooper opened 4 years ago

jwcooper commented 4 years ago

Working example: https://jsfiddle.net/876myrk5/

$('[data-toggle="switch"]').bootstrapSwitch({onText: ">'><details open ontoggle=confirm(document.domain)>"});

If any sites allow switches based on user submitted configuration, they could be open to this issue.
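A caller-side mitigation for sites that build switches from user-submitted configuration, as an added example that is not part of the original thread or the project's code. It assumes the plugin inserts `onText`, `offText` and `labelText` as HTML (the thread shows this only for `onText`); `escapeHtml` and `safeSwitchOptions` are hypothetical helper names.

```javascript
// Added example: caller-side hardening, not bootstrap-switch's own code.
// Assumption: the plugin inserts its text options into the DOM as HTML,
// as the onText proof of concept in this thread shows.

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode every character that can open a tag or close an attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Options that carry display text (assumed to share onText's HTML sink).
const TEXT_OPTIONS = ['onText', 'offText', 'labelText'];

// Hypothetical helper: build plugin options from untrusted configuration.
// Only the known text options are copied, and each is HTML-escaped first.
function safeSwitchOptions(untrusted) {
  const options = {};
  for (const key of TEXT_OPTIONS) {
    const present = Object.prototype.hasOwnProperty.call(untrusted, key);
    if (present && untrusted[key] != null) {
      options[key] = escapeHtml(untrusted[key]);
    }
  }
  return options;
}

// Constructed sample: configuration as a user might submit it.
const submitted = {
  onText: ">'><details open ontoggle=confirm(document.domain)>",
  offText: 'Off & idle',
  unexpectedKey: 'dropped by the allowlist',
};
const safe = safeSwitchOptions(submitted);

// In the browser, pass only the sanitized options to the plugin.
if (typeof $ !== 'undefined' && $.fn && $.fn.bootstrapSwitch) {
  $('[data-toggle="switch"]').bootstrapSwitch(safe);
}
```

If a later release of the plugin treats these options as plain text, the escaping should be dropped, otherwise the entities will be displayed literally.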

ggkitsas commented 4 years ago

Hi, is this fix something you consider releasing soon?

atodorov commented 3 years ago

@LostCrew are you open to adding co-maintainers on this repository? I (and possibly @asankov) would be interested b/c we depend on this.

LostCrew commented 3 years ago

@atodorov @asankov Where can I reach you to chat privately?

atodorov commented 3 years ago

@LostCrew both of our email addresses are visible in our profiles.

austinmhyatt commented 3 years ago

Is there anyone still working on this fix? Thanks.