jquery-form / form

jQuery Form Plugin
https://jquery-form.github.io/form/
GNU Lesser General Public License v2.1

Unsafe HTML constructed from library input #604

Open Maxim-Malevich opened 1 year ago

Maxim-Malevich commented 1 year ago

Please review Instructions for Reporting a Bug.

Description:

Unsafe HTML constructed from library input. Run CodeQL scanning and face "Unsafe HTML constructed from library input" on lines 482 and 672.

Expected Behavior:

Cross-site scripting should be impossible while using jquery.form

Actual behavior:


Versions:

version: 4.3.0 of jquery.form

Demonstration

Link to demonstration of issue in JSFiddle or CodePen:

Steps to reproduce:

jenlampton commented 1 year ago

Is this the same problem as https://github.com/jquery-form/form/issues/580?
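
The pattern behind the CodeQL finding named in this report, as an added example that is not code from jquery.form or from this issue: a library function that concatenates a caller-supplied value into markup, next to a version that escapes it for attribute context. The helper names and the input value are hypothetical and constructed for illustration.

```javascript
// Added example: hypothetical helper names, constructed input; not jquery.form code.

// Flagged pattern: a library function concatenates caller-supplied values
// into a string that is later parsed as HTML.
function hiddenInputUnsafe(name, value) {
  return '<input type="hidden" name="' + name + '" value="' + value + '">';
}

// Escape the characters that can end an attribute value or start a tag.
function escapeAttr(text) {
  return String(text).replace(/[&<>"']/g, function (ch) {
    return { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[ch];
  });
}

// Hardened form: every interpolated value is escaped before concatenation.
function hiddenInputSafe(name, value) {
  return '<input type="hidden" name="' + escapeAttr(name) +
         '" value="' + escapeAttr(value) + '">';
}

// Checker for this example only: list the attribute names in a single tag of
// the shape <input a="..." b="...">, which is the only shape produced above.
function attributeNames(tag) {
  const names = [];
  const re = /([^\s"'<>\/=]+)="[^"]*"/g;
  let m;
  while ((m = re.exec(tag)) !== null) names.push(m[1]);
  return names;
}

// Constructed input: a benign marker attribute stands in for injected markup.
const constructedName = 'field" data-injected="1';

// Unsafe: the caller's value has become an extra attribute on the element.
console.log(attributeNames(hiddenInputUnsafe(constructedName, 'v')));
// Safe: the whole value stays inside the name attribute.
console.log(attributeNames(hiddenInputSafe(constructedName, 'v')));
```

With jQuery available, creating the element first and setting values through `.attr()` avoids building the markup string at all.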