mikitex70 / redmine_drawio

Macro plugin to embed draw.io diagrams into Redmine wiki pages
MIT License

Potential XSS #111

Closed mikitex70 closed 2 years ago

mikitex70 commented 2 years ago

Issue received by email from Liaham:

During a security scan I have got the advice to fix a potential XSS security vulnerability in <form id="drawio_form">. Though I would evaluate the risk as rather low, I added a fix.

I also translated the labels in the form to German.

I am sending you the patch file this way instead of a pull request since I was not sure what you prefer w.r.t. security issues.

xss_security_vulnerability_fix.zip