Open leonklingele opened 5 years ago
This fixes a potential XSS vulnerability for favicons like `" onload="alert(1);" data-xss="`.

Instead of using `replace()`, set the favicon URL via `setAttribute()` or by other ways of ensuring sanitized HTML is used.
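The difference this pull request describes, as an added example that is not part of the original PR or the project's code: the same favicon value is placed into markup by string replacement and then with attribute escaping, and a small tokenizer lists the attributes an HTML parser would end up with. The template, function names and tokenizer are assumptions made for illustration; the payload is the one quoted in the description.

```javascript
// Hypothetical template and helper names; only the payload comes from the PR text.
const TEMPLATE = '<img class="favicon" src="{favicon}">';

// Vulnerable pattern: the URL is spliced into markup with replace().
function renderUnsafe(faviconUrl) {
  // A function replacer keeps "$&"-style patterns in the URL from being expanded.
  return TEMPLATE.replace('{favicon}', () => faviconUrl);
}

// Escape the characters that can close a quoted attribute value or open a tag/entity.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Hardened string-based variant: the value can no longer leave the src attribute.
function renderEscaped(faviconUrl) {
  return TEMPLATE.replace('{favicon}', () => escapeAttr(faviconUrl));
}

// Simplified tokenizer for one tag with double-quoted values, enough to show
// which attribute names a parser would see in the generated markup.
function attributeNames(tagHtml) {
  const inner = tagHtml.replace(/^<\w+\s*/, '').replace(/\/?>$/, '');
  const names = [];
  const re = /([^\s"'=<>\/]+)\s*=\s*"([^"]*)"/g;
  let m;
  while ((m = re.exec(inner)) !== null) names.push(m[1]);
  return names;
}

const PAYLOAD = '" onload="alert(1);" data-xss="';

// In a browser, the DOM route named in the PR bypasses HTML parsing entirely:
//   img.setAttribute('src', faviconUrl);
function demo() {
  return {
    unsafe: attributeNames(renderUnsafe(PAYLOAD)),
    escaped: attributeNames(renderEscaped(PAYLOAD)),
  };
}

console.log(demo());
```

With the unescaped value the tag gains an `onload` attribute; with escaping, or with `setAttribute()` in the DOM, the whole string stays the value of `src`.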