Open marksteward opened 7 years ago
bootstrap-tagsinput unescapes the values passed in for autocompletion. This is currently safe because we strip out tags before storing in the DB, but if we ever had untrusted values in the DB it would lead to XSS.
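An added example, not part of the original issue or the project's code: an audit that flags stored tag values which would turn into markup if a widget decoded their HTML entities once before inserting them as HTML. The single-decode behaviour, the function names and the sample values are assumptions constructed for illustration.

```javascript
// Added example (not project code). Assumption: the autocomplete widget
// decodes one layer of HTML entities in each value, then renders it as HTML.

const NAMED = { lt: '<', gt: '>', amp: '&', quot: '"', apos: "'" };

// Decode a single layer of entities: a small named subset, decimal and hex.
function decodeEntitiesOnce(s) {
  return s.replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z]+);/gi, (match, body) => {
    if (body[0] === '#') {
      const hex = body[1] === 'x' || body[1] === 'X';
      const code = parseInt(body.slice(hex ? 2 : 1), hex ? 16 : 10);
      // Leave out-of-range references untouched instead of throwing.
      return code <= 0x10ffff ? String.fromCodePoint(code) : match;
    }
    const named = NAMED[body.toLowerCase()];
    return named === undefined ? match : named;
  });
}

// Return the stored values that contain '<' or '>' after one decode.
// Raw angle brackets are caught too, since decoding leaves them in place.
function auditTagValues(values) {
  return values.filter((v) => /[<>]/.test(decodeEntitiesOnce(String(v))));
}

// Constructed sample rows standing in for tag values read from the DB.
const SAMPLE_TAGS = [
  'python',                     // plain text
  'c&amp;c',                    // decodes to "c&c", harmless
  '&lt;b&gt;bold&lt;/b&gt;',    // named entities, becomes <b>bold</b>
  '&#60;i&#62;',                // decimal references, becomes <i>
  '&#x3C;u&#x3e;',              // hex references, becomes <u>
  '&amp;lt;b&amp;gt;',          // double-encoded, still text after one decode
  '<s>raw</s>',                 // raw tags that tag stripping should have removed
];

for (const value of auditTagValues(SAMPLE_TAGS)) {
  console.log('would render as markup:', JSON.stringify(value));
}
```

A tag-stripping filter at storage time sees no tags in the entity-encoded rows, which is why the audit decodes before it checks.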