Closed amazeika closed 9 months ago
We are not properly escaping the folder when we render an Invalid folder error in case an invalid folder is provided in the request. This mechanism allows for injecting JS into the document body.
See => https://docs.google.com/document/d/1GAwKYFkOmaEsPkLf24i0MOIaglVP9xEBAcYUl0Uf9Mc/edit?pli=1
We are not properly escaping the folder when we render an Invalid folder error in case an invalid folder is provided in the request. This mechanism allows for injecting JS into the document body.
See => https://docs.google.com/document/d/1GAwKYFkOmaEsPkLf24i0MOIaglVP9xEBAcYUl0Uf9Mc/edit?pli=1
Support tickets