Public issue tracking and documentation for Foundry Virtual Tabletop - software connecting RPG gamers in a shared multiplayer environment with an intuitive interface and powerful API.
ALL MODULES DISABLED? true
OS, Hosting, Browser (if applicable): Windows 11 / Node / Chrome
Short Description of bug: HTMLStringTagsElement directly renders content into the DOM without sanitization
Simple steps to reproduce the bug: Create a HTMLStringTagsElement and add value <test value> you will find that instead of the string "" being rendered within the Tag's span, it will interpret it as an HTML element of <test value>.
Screenshots and/or console errors:
Originally reported by asheeon https://discord.com/channels/170995199584108546/1184176415139184731/1233702770293477387
ALL MODULES DISABLED? true OS, Hosting, Browser (if applicable): Windows 11 / Node / Chrome Short Description of bug: HTMLStringTagsElement directly renders content into the DOM without sanitization Simple steps to reproduce the bug: Create a HTMLStringTagsElement and add value" being rendered within the Tag's span, it will interpret it as an HTML element of
<test value>
you will find that instead of the string "<test value>
. Screenshots and/or console errors: