Open dreaming-augustin opened 6 years ago
@dreaming-augustin Please could you elaborate on how data-text is "insecure"?
@hammy2899 See the fiddle in the linked issue dedicated to data-text: [Dropdown] Security Vulnerability with data-text #5376
This issue is more for a meta discussion on:
The following issue was closed by the stale bot and should be reopened: XSS issue in semantic dropdown. #4498
The following issue was closed by the stale bot and should be reopened: Content Security Policy #3119
Checklist:
Security beside the existing Definition, Examples, Usage and Settings.
We implemented data sanitizing and added a security page to the docs: https://fomantic-ui.com/modules/search.html#/security https://fomantic-ui.com/modules/dropdown.html#/security
@lubber-de What you did is great! Thank you very much for taking the time to implement my main suggestions for documentation. I am very happy that Fomantic is making such progress and taking security issues seriously. Many thanks to the whole team.
It would be nice to have a whole section dedicated to security on the Semantic-UI web site, and for each module, a sub-section on the secure use of that particular module.
Currently, some code samples provided in the Semantic-UI documentation are inherently unsecure.
I searched but couldn't find any mention of 'security' in the official documentation, nor anything about potential pitfalls when using some Semantic-UI modules when one does not pay attention to sanitizing user input.