Closed deckdom closed 1 year ago
Names and other variables which are controlled by the user, are never sanitized when printed which could be used for XSS. Required/Special characters which may lead to XSS are now escaped to HTML/XML entities before putting them into the DOM.
Names and other variables which are controlled by the user, are never sanitized when printed which could be used for XSS. Required/Special characters which may lead to XSS are now escaped to HTML/XML entities before putting them into the DOM.