What steps will reproduce the problem?
Insert an XSS into SEOTools::setTitle(); or SEOTools::setDescription();
View Site
<script type="application/ld+json">{"@context":"https://schema.org","@type":"WebPage","name":"<script>alert(0)</script> on Bazaar","description":"<script>alert(0)</script> on Bazaar in Custom at Aug 1, 2024 with: xxx","image":"https://blobs-infiniteugc.svc.halowaypoint.com/ugcstorage/map/298d5036-cd43-47b3-a4bd-31e127566593/5546a6ec-841d-4955-be7a-5f32c3ac0428/images/thumbnail.png"}</script>
What is the expected result?
Nothing happens, but encoded text.
What do you get instead?
An XSS
Additional info
| Q | A |
|---|---|
| This Package Version | 1.3.1 |
| Laravel Framework Version | 11.x |
Should the package be cleansing data prior to writing to tags? Or is it up to me to cleanse data prior to injecting into library?
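The output in the report shows the title and description written into a JSON-LD script element with `</script>` and URL slashes left unescaped. As an added example (not the package's own code; the function names and the sample array are hypothetical), this PHP sketch puts that kind of encoding beside `json_encode` with the `JSON_HEX_*` flags, which keeps markup characters out of the HTML parser's view while the decoded data stays identical.

```php
<?php
// Added example. renderJsonLdWeak/renderJsonLdSafe are hypothetical helpers,
// not functions of the SEOTools package.

const OPEN_TAG  = '<script type="application/ld+json">';
const CLOSE_TAG = '</script>';

// Weak form: with JSON_UNESCAPED_SLASHES a "</script>" inside a string value
// is emitted verbatim, so the HTML parser ends the element at that point.
function renderJsonLdWeak(array $data): string
{
    return OPEN_TAG
        . json_encode($data, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE)
        . CLOSE_TAG;
}

// Hardened form: JSON_HEX_TAG/AMP/APOS/QUOT write <, >, &, ' and " inside
// strings as \uXXXX escapes. They are still valid JSON, but the HTML parser
// never sees a tag, comment opener or entity in the payload.
function renderJsonLdSafe(array $data): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
        | JSON_UNESCAPED_SLASHES | JSON_THROW_ON_ERROR;
    return OPEN_TAG . json_encode($data, $flags) . CLOSE_TAG;
}

// Constructed sample mirroring the title and description in the report.
$page = [
    '@context'    => 'https://schema.org',
    '@type'       => 'WebPage',
    'name'        => '<script>alert(0)</script> on Bazaar',
    'description' => '<script>alert(0)</script> on Bazaar in Custom',
];

$weak = renderJsonLdWeak($page);
$safe = renderJsonLdSafe($page);

// Number of closing tags the HTML parser would find in each rendering.
echo 'closing tags, weak: ', substr_count($weak, CLOSE_TAG), PHP_EOL;
echo 'closing tags, safe: ', substr_count($safe, CLOSE_TAG), PHP_EOL;

// Round trip: a JSON-LD consumer decoding the hardened payload gets the
// original strings back, so no data is lost by the escaping.
$json = substr($safe, strlen(OPEN_TAG), -strlen(CLOSE_TAG));
var_dump(json_decode($json, true, 512, JSON_THROW_ON_ERROR) === $page);
```

The same values still need HTML escaping wherever they are written into `<title>` or `<meta>` attributes, since those are HTML contexts rather than JSON ones.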