search

arhs / iban.js

IBAN & BBAN validation, formatting and conversion in Javascript
https://arhs.github.io/iban.js/
MIT License
535 stars 130 forks source link

Known Vulnerability in demo boostrap version #51

Closed Xtrem65 closed 4 years ago

Xtrem65 commented 6 years ago

When using npm audit :

/node_modules/iban/demo/bower_components/bootstrap/dist/js/bootstrap.js ↳ bootstrap 3.3.7 has known vulnerabilities: severity: medium; issue: 20184, summary: XSS in data-target attribute; https://github.com/twbs/bootstrap/issues/20184 /node_modules/iban/demo/bower_components/bootstrap/dist/js/bootstrap.min.js ↳ bootstrap 3.3.7 has known vulnerabilities: severity: medium; issue: 20184, summary: XSS in data-target attribute; https://github.com/twbs/bootstrap/issues/20184 Can you consider upgrading the demo bootstrap to a higher, fixed version ?
LaurentVB commented 6 years ago

Hello @Xtrem65

Thanks for the report. We don't use the vulnerable data-target mechanism in our demo code, so no urge to upgrade, but I'm keeping this issue around for when we update the demo.

Best regards

Laurent

LaurentVB commented 4 years ago

Demo has been updated and uses latest versions of used libraries (not bootstrap, btw)