morlandi / django-ajax-datatable

A Django app which provides the integration of a Django project with the jQuery JavaScript library DataTables.net
MIT License
204 stars, 64 forks

XSS Vulnerability: HTML Code in field values is being executed by the datatable #61

Closed Mike3285 closed 2 years ago

Mike3285 commented 2 years ago

If some HTML code is put in a model that is going to be rendered into a datatable with this plugin, any HTML code typed into a field of that instance will be executed and rendered by the AJAX datatable.

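The failure mode described in this report, as an added example written for this page rather than code from django-ajax-datatable: a server-side DataTables reply is built once by copying model field values straight into the JSON (what the report describes; DataTables writes each cell with innerHTML, so stored markup becomes live HTML) and once with every cell HTML-escaped first. The `Person` dataclass, the `PEOPLE` rows, the column list, the function names and the sample payload string are all constructed for illustration and are not taken from the project or the issue.

```python
import html
import json
from dataclasses import dataclass


# Constructed stand-ins for Django model instances (not the project's models).
@dataclass
class Person:
    id: int
    name: str
    note: str


PEOPLE = [
    Person(1, "Alice", "regular user"),
    # Sample stored payload: a field value that is markup, not text.
    Person(2, '<img src=x onerror="alert(document.cookie)">', "payload stored in a field"),
    Person(3, "Bob <b>(admin)</b>", "looks like harmless markup"),
]

COLUMNS = ("id", "name", "note")


def build_rows_unsafe(objs):
    """Vulnerable: field values are serialised as-is.

    Whatever markup was saved into a field reaches the browser untouched and
    DataTables renders it as HTML, which is the behaviour reported above.
    """
    return [{col: str(getattr(obj, col)) for col in COLUMNS} for obj in objs]


def build_rows_escaped(objs):
    """Hardened: every cell is HTML-escaped before serialisation.

    html.escape() converts & < > " ' to entities, the same set that
    django.utils.html.escape() handles, so the browser shows the stored
    payload as literal text instead of executing it.
    """
    return [{col: html.escape(str(getattr(obj, col))) for col in COLUMNS} for obj in objs]


def build_rows_with_link(objs, base_url="/people/"):
    """Column that legitimately needs markup (a link to the detail page).

    Build the markup yourself and escape only the untrusted pieces; this is
    the same discipline as Django's format_html(). base_url is a hypothetical
    route used for illustration.
    """
    rows = []
    for obj in objs:
        rows.append({
            "id": obj.id,
            "name": '<a href="%s%d/">%s</a>' % (html.escape(base_url), obj.id, html.escape(obj.name)),
            "note": html.escape(obj.note),
        })
    return rows


def datatables_response(rows, draw=1):
    """Shape of the server-side processing reply that DataTables consumes."""
    return json.dumps({
        "draw": draw,
        "recordsTotal": len(rows),
        "recordsFiltered": len(rows),
        "data": rows,
    })


if __name__ == "__main__":
    print("unsafe   :", build_rows_unsafe(PEOPLE)[1]["name"])
    print("escaped  :", build_rows_escaped(PEOPLE)[1]["name"])
    print("with link:", build_rows_with_link(PEOPLE)[1]["name"])
    print(datatables_response(build_rows_escaped(PEOPLE)))
```

Escaping on the server is the fix that does not depend on how each table is configured; as a second layer, DataTables also ships a built-in text renderer (`$.fn.dataTable.render.text()`) that can be set per column on the client so that cell data is inserted as text rather than HTML. Columns that intentionally carry markup, as in `build_rows_with_link`, must then be excluded from that renderer and escaped piecewise instead.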