Closed grafana-dee closed 6 years ago
The doctype is not sanitized and can not be, and this allows unsafe content to be inserted into the output by encoding it within a doctype attribute. The only safe way to handle this quickly is not to permit the doctype.
The doctype is not sanitized and can not be, and this allows unsafe content to be inserted into the output by encoding it within a doctype attribute. The only safe way to handle this quickly is not to permit the doctype.