This module creates content for an inline <script> tag. However, if anything in the content of that script tag includes </script>, HTML5's parsing rules will prematurely end the tag there, allowing for XSS injection.
This module should modify any strings in the returned JSON (for keys or values) that include </script> to be written as </"+"script>.
This module creates content for an inline
<script>
tag. However, if anything in the content of that script tag includes</script>
, HTML5's parsing rules will prematurely end the tag there, allowing for XSS injection.This module should modify any strings in the returned JSON (for keys or values) that include
</script>
to be written as</"+"script>
.