Closed neondlh closed 4 years ago
Hallo @neondlh
Thank you for your efforts in researching known gaps in the library corners we use
Function provided by the module: http://bootstrap-tagsinput.github.io/bootstrap-tagsinput/examples/
Components affected: https://showcase.bootsfaces.net/forms/inputTextWithTags.jsf
Possible solution: https://github.com/bootstrap-tagsinput/bootstrap-tagsinput/issues/501 try to escape itemTitle
i could not found that we use itemTitle
Hi sorry,
But there is High vulnerability in one of the js used for tags in inputText. https://snyk.io/vuln/npm:bootstrap-tagsinput:20160720
I tried to find a version of this js without this vulnerability but I had no luck. I am not sure, but maybe we can use another lib for this or just remove this feature.
Thanks, Maria De la Hoz