Running asmSelect against this option will trigger the alert despite the
escaped text.
<select multiple="multiple" name="documents">
<option value="2">&lt;script&gt;alert('xss')&lt;/script&gt;</option>
</select>
Patch file is attached.
Original issue reported on code.google.com by htanata on 16 Nov 2009 at 1:36
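An added example, not part of the original report and not asmSelect's own code: it models why escaping in the page source is not enough when a widget copies an option's text into new markup. It assumes the widget builds its list items by string concatenation; all function names are hypothetical and the sample option body is constructed.

```javascript
// The HTML parser decodes entities when it reads the <option>, so the option's
// text is raw markup again. Any code that re-inserts that text as HTML must
// escape it a second time (or assign it via textContent / jQuery .text()).

// Stand-in for the browser's entity decoding of the option body (hypothetical helper).
function decodeEntities(s) {
  const map = { '&lt;': '<', '&gt;': '>', '&quot;': '"', '&#39;': "'", '&amp;': '&' };
  // Single pass, so "&amp;lt;" decodes once to "&lt;" and not to "<".
  return s.replace(/&(lt|gt|quot|#39|amp);/g, (m) => map[m]);
}

// Escape text for use inside element content or a quoted attribute.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable pattern: decoded option text concatenated straight into markup.
function listItemUnsafe(optionText) {
  return '<li><span>' + optionText + '</span></li>';
}

// Hardened pattern: the same text re-escaped before it becomes markup.
function listItemSafe(optionText) {
  return '<li><span>' + escapeHtml(optionText) + '</span></li>';
}

// Constructed sample: the option body exactly as the server sent it (escaped).
const sourceOptionBody = "&lt;script&gt;alert('xss')&lt;/script&gt;";

function demo() {
  const optionText = decodeEntities(sourceOptionBody); // what the DOM exposes as text
  return {
    optionText,
    unsafe: listItemUnsafe(optionText),
    safe: listItemSafe(optionText),
  };
}

console.log(demo());
```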