google-code-export / jquery-asmselect

Automatically exported from code.google.com/p/jquery-asmselect

XSS vulnerability #37

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Running asmSelect against this option will trigger the alert despite the
escaped text.

<select multiple="multiple" name="documents">
  <option value="2">&lt;script&gt;alert('xss')&lt;/script&gt;</option>
</select>

Patch file is attached.

Original issue reported on code.google.com by htanata on 16 Nov 2009 at 1:36

GoogleCodeExporter commented 9 years ago
Thanks for the patch. This will appear in 1.0.5.

Original comment by ryancram...@gmail.com on 10 Jul 2010 at 3:55
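
The behaviour reported in the first comment, shown as an added example that is not part of the original thread and is not the plugin's code or the attached patch. It assumes the label is read back as decoded text and then written out as markup, which the page does not show; the function names and the `<li><span>` wrapper are hypothetical, and the DOM text read is simulated so the block runs under Node without a browser.

```javascript
// Constructed sample: the option from the report, as it appears in page source.
const OPTION_SOURCE =
  "<option value=\"2\">&lt;script&gt;alert('xss')&lt;/script&gt;</option>";

const ENTITIES = { lt: "<", gt: ">", amp: "&", quot: '"', "#39": "'" };

// Stand-in for reading option.textContent / jQuery .text(): the HTML parser
// has already decoded the entities, so the caller gets raw characters back.
function readOptionText(source) {
  const inner = /<option[^>]*>([\s\S]*?)<\/option>/i.exec(source);
  if (!inner) throw new Error("no <option> element found");
  // Single pass, so "&amp;lt;" decodes to "&lt;" and is not decoded twice.
  return inner[1].replace(/&(#39|lt|gt|amp|quot);/g, (m, name) => ENTITIES[name]);
}

// Encode text for an HTML element-content or quoted-attribute context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[ch]));
}

// Weak form (hypothetical): the decoded label is concatenated into markup,
// so whatever consumes this string as HTML parses the label as elements.
function renderItemUnsafe(label) {
  return "<li><span>" + label + "</span></li>";
}

// Hardened form: re-encode at the point of output. With a DOM available,
// assigning textContent (or jQuery .text(label)) achieves the same result.
function renderItemSafe(label) {
  return "<li><span>" + escapeHtml(label) + "</span></li>";
}

const label = readOptionText(OPTION_SOURCE);
console.log("decoded label:", label);
console.log("unsafe markup:", renderItemUnsafe(label));
console.log("safe markup:  ", renderItemSafe(label));
```

Escaping in the page source only protects the first parse; any code that copies text out of the DOM has to encode it again, or use a text-only sink, when it writes the value back.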