humaan / Modaal

An accessible dialog window library for all humans.
http://humaan.com/modaal/
MIT License

Script injection vulnerability in image gallery #113

Closed hfionte closed 5 years ago

hfionte commented 5 years ago

The image descriptions in the image gallery version of Modaal are rendered in a way that introduces a script-injection vulnerability.

danhumaan commented 5 years ago

G'day @hfionte - thanks for highlighting this issue. Certainly something of concern, so we've pushed through an update to restrict the HTML allowed in those descriptions.

A new version has been released to reflect this update.
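The fix described in this thread restricts the HTML allowed in gallery descriptions. The following is an added example of that kind of restriction, written for this page; it is not Modaal's own code and the tag allowlist, function names and sample descriptions are assumptions chosen for illustration. It keeps a few bare inline formatting tags and escapes every other tag, attribute and stray metacharacter, so a description carrying an event handler or a `<script>` element is rendered as visible text rather than executed.

```javascript
// Added example (not Modaal's code): allowlist-based sanitizer for
// user-supplied gallery descriptions that will later be inserted as HTML.
// Only bare inline tags (no attributes) from ALLOWED_TAGS pass through;
// everything else is escaped so it cannot introduce script execution.

// Hypothetical allowlist chosen for this example.
const ALLOWED_TAGS = new Set(['b', 'i', 'em', 'strong', 'br']);

// Escape the five HTML metacharacters so text is rendered literally.
function escapeHtml(text) {
  return text
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Walk the input, splitting it into tag-like tokens and plain text.
// A token is kept as markup only if it is an allowlisted tag with no
// attributes (a trailing "/" for self-closing <br/> is tolerated).
// Anything else, including a lone "<" that never forms a tag, is escaped.
function sanitizeDescription(input) {
  const tagPattern = /<\/?([a-zA-Z][a-zA-Z0-9]*)\b([^>]*)>/g;
  let out = '';
  let last = 0;
  let m;
  while ((m = tagPattern.exec(input)) !== null) {
    // Text between the previous token and this one is always escaped.
    out += escapeHtml(input.slice(last, m.index));
    const name = m[1].toLowerCase();
    const attrs = m[2].trim();
    const closing = m[0].startsWith('</');
    if (ALLOWED_TAGS.has(name) && (attrs === '' || attrs === '/')) {
      // Re-emit a canonical, attribute-free form of the allowed tag.
      out += closing ? `</${name}>` : `<${name}>`;
    } else {
      // Disallowed tag, or an allowed tag carrying attributes: escape whole token.
      out += escapeHtml(m[0]);
    }
    last = tagPattern.lastIndex;
  }
  out += escapeHtml(input.slice(last));
  return out;
}

// Constructed sample descriptions showing the before/after for each case.
const SAMPLES = [
  'Sunset over the bay <b>(2018)</b>',            // benign formatting kept
  '<img src=x onerror=alert(1)>',                 // handler attribute escaped
  '<b onclick="x">bold</b>',                       // allowed tag with attributes escaped
  '<script>alert(1)</script>',                     // script element escaped
];

function demo() {
  return SAMPLES.map((s) => [s, sanitizeDescription(s)]);
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const [before, after] of demo()) {
    console.log(JSON.stringify(before), '=>', JSON.stringify(after));
  }
}

module.exports = { sanitizeDescription, escapeHtml, ALLOWED_TAGS, demo };
```

The gallery code would call `sanitizeDescription` on each description and insert the returned string where it previously inserted the raw markup. Escaping rather than silently dropping disallowed markup makes the restriction visible to the author of the description, which helps when a legitimate caption accidentally trips the filter. For anything beyond a handful of bare inline tags, a maintained sanitizer such as DOMPurify is the more robust choice, since a regex tokenizer like this one deliberately treats every ambiguous construct as text rather than trying to parse it.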