Closed gmarzaloni-onit closed 6 months ago
This scenario is out of scope as we only deal with HTML, not specific frameworks that have their own syntax. That said, the upcoming change in #511 would probably allow you to handle this use case. In the current version you can probably use the PostProcessNode
event to enable this use case.
Hello, HtmlSanitizer is not sanitize this example Vue.js script code:
This code, placed for example in a OPTION item, creates a XSS vulnerability on the page.
On load, the page shows the modal alert.