haru / redmine_wiki_extensions


prevent possible JS injection in foot note macro #31

Open jkraemer opened 2 years ago

jkraemer commented 2 years ago

The footnote macro currently does not escape the description argument, which allows a malicious user to insert any JavaScript code into a page:

{{fn(word, <script>alert('foobar');</script>)}}

jkraemer commented 2 years ago

The second commit fixes a similar problem in the div macro, where one could break out of the attributes of the div tag with specially crafted argument values.
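Added illustration of the two bugs discussed in this thread (constructed example, not the plugin's own code): a footnote macro and a div macro that interpolate user arguments into HTML verbatim, next to hardened versions that pass every argument through ERB::Util.html_escape. Method names, the simplified markup and the crafted attribute value are assumptions; the script payload is the one from the PR description.

```ruby
require 'erb'

# Footnote macro, simplified to show the bug (constructed, not the plugin's
# real implementation): the description argument is pasted into the page HTML
# verbatim, so markup inside it is rendered instead of displayed.
def fn_macro_unescaped(word, description)
  %(<span class="fn">#{word}<sup>#{description}</sup></span>)
end

# Hardened form: every user-supplied argument is HTML-escaped before it is
# interpolated, so < > & " ' become entities and can no longer start a tag.
def fn_macro_escaped(word, description)
  w = ERB::Util.html_escape(word)
  d = ERB::Util.html_escape(description)
  %(<span class="fn">#{w}<sup>#{d}</sup></span>)
end

# Opening tag of the div macro, arguments mapped to attributes. A value that
# contains a double quote closes the attribute early, and whatever follows is
# parsed by the browser as further attributes.
def div_open_unescaped(attrs)
  list = attrs.map { |k, v| %(#{k}="#{v}") }.join(' ')
  "<div #{list}>"
end

# Hardened form: names and values are escaped, so a quote inside a value
# becomes &quot; and stays inside the attribute it belongs to.
def div_open_escaped(attrs)
  list = attrs.map { |k, v| %(#{ERB::Util.html_escape(k)}="#{ERB::Util.html_escape(v)}") }.join(' ')
  "<div #{list}>"
end

# Count the name="value" pairs a browser would see in an opening tag; an
# injected attribute shows up as an extra pair.
def attribute_count(tag)
  tag.scan(/\s[\w-]+="[^"]*"/).size
end

if $PROGRAM_NAME == __FILE__
  payload = %(<script>alert('foobar');</script>)   # PoC from the PR description
  puts fn_macro_unescaped('word', payload)
  puts fn_macro_escaped('word', payload)
  crafted = { 'class' => %(x" data-injected="1) }   # constructed breakout value
  puts div_open_unescaped(crafted)                  # two attributes
  puts div_open_escaped(crafted)                    # one attribute
end
```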

codeclimate[bot] commented 2 years ago

Code Climate has analyzed commit fc8245ad and detected 0 issues on this pull request.
