Open jkraemer opened 2 years ago
The second commit fixes a similar problem in the div macro, where one could break out of the attributes of the div tag with specially crafted argument values.
Code Climate has analyzed commit fc8245ad and detected 0 issues on this pull request.
The footnote macro currently does not escape the description argument, which allows a malicious user to insert any JavaScript code into a page:
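The two escaping problems discussed in this pull request, sketched as an added Ruby example that is not part of the pull request or the plugin's code. The function names, the generated markup and the sample arguments are hypothetical; only `CGI.escapeHTML` is a real standard-library call.

```ruby
require "cgi"

# Hypothetical stand-ins for the footnote and div macros; not the plugin's code.

# Before: the description argument is interpolated into the page unescaped.
def footnote_unescaped(index, description)
  %(<li id="fn#{index}">#{description}</li>)
end

# After: the description is HTML-escaped, so markup in it is shown as text.
def footnote_escaped(index, description)
  %(<li id="fn#{Integer(index)}">#{CGI.escapeHTML(description.to_s)}</li>)
end

# Before: a double quote in an argument ends the attribute value early.
def div_unescaped(id, css_class)
  %(<div id="#{id}" class="#{css_class}">)
end

# After: quotes become &quot;, so the argument stays inside its attribute.
def div_escaped(id, css_class)
  %(<div id="#{CGI.escapeHTML(id.to_s)}" class="#{CGI.escapeHTML(css_class.to_s)}">)
end

# Regression-test helper: attribute names a browser would see in an opening tag.
def attribute_names(tag)
  tag.scan(/\s([a-z-]+)="/).flatten
end

# Constructed sample arguments for a regression test.
SCRIPT_ARG   = %(see <script>alert(1)</script>)
BREAKOUT_ARG = %(box" onmouseover="alert(1))

if __FILE__ == $PROGRAM_NAME
  puts footnote_unescaped(1, SCRIPT_ARG)
  puts footnote_escaped(1, SCRIPT_ARG)
  puts attribute_names(div_unescaped("note", BREAKOUT_ARG)).inspect
  puts attribute_names(div_escaped("note", BREAKOUT_ARG)).inspect
end
```
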