johnangularjs / datawiki

Automatically exported from code.google.com/p/datawiki

Defining HTML as a format with unsafe tags should not be allowed. #30

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
A user could construct a format called HTML with a root html tag and also include a sub-element script tag and thus create an XSS attack.

Original issue reported on code.google.com by p...@google.com on 9 Nov 2010 at 10:02
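
One way to enforce the restriction this issue asks for, as an added example that is not datawiki's own code: validate every element name when a format is saved and reject names a browser would treat as active markup. The nested-dict format representation, the function names and the tag list are assumptions made for illustration.

```python
import re

# Assumed model (not datawiki's real schema): a format is a nested dict
# {"name": str, "children": [ ... ]} describing the element tree.

# Element names a browser treats as active content if stored data is ever
# rendered as markup. An allowlist is stricter where the product permits it.
UNSAFE_TAGS = frozenset({
    "script", "style", "iframe", "frame", "frameset", "object", "embed",
    "applet", "link", "meta", "base", "form", "svg", "math",
})

# Plain identifiers only: no colons, whitespace, angle brackets or quotes,
# so a namespace prefix or padding cannot disguise a blocked name.
NAME_RE = re.compile(r"^[a-z][a-z0-9_]*$")


def unsafe_elements(fmt, path=""):
    """Return the paths of elements in a format definition to reject."""
    problems = []
    raw = fmt.get("name", "")
    # Browsers match tag names case-insensitively, so compare in lower case.
    name = raw.lower()
    here = f"{path}/{raw}"
    if not NAME_RE.match(name) or name in UNSAFE_TAGS:
        problems.append(here)
    for child in fmt.get("children", []):
        problems.extend(unsafe_elements(child, here))
    return problems


def validate_format(fmt):
    """Raise ValueError if any element name is malformed or unsafe."""
    bad = unsafe_elements(fmt)
    if bad:
        raise ValueError("unsafe element names: " + ", ".join(bad))
    return True


# Constructed sample inputs: the case from the report and a harmless format.
HTML_FORMAT = {"name": "html", "children": [
    {"name": "body", "children": [{"name": "ScRiPt"}]}]}
RECIPE_FORMAT = {"name": "recipe", "children": [
    {"name": "title"}, {"name": "ingredient"}]}
```

Name validation at definition time complements, and does not replace, escaping stored values when they are written into a page.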