Closed qhxin closed 6 months ago
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.
Thanks for your awesome work! This PR is done.
Version: react-intl-universal@2.11.1
Solve some XSS attack bypass scenarios
Pull Request Template
Description
Fixes # XSS attack
If you use getHTML, some specific attack tags will not be processed because the execution precondition of escapeHtml is that the variable exists “<>” at the same time.
The following tags will not be escaped and the attack script will be executed:
<img src=x onxss="" onerror="alert(document.cookie);"
Type of change
Please delete options that are not relevant.
How Has This Been Tested?
Run unit test.