Closed tbhaxor closed 4 years ago
Can you elaborate? I don't see how this is an issue. It is intentional to allow HTML so the developer may use SVG. If they are displaying content in the notification from their users, then they should sanitize it themselves.
Ok fine got your point :wink:
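The split described in the reply above (developer markup such as an SVG icon stays raw, user-supplied text is escaped before it reaches the notification body), as an added example that is not from this thread or from the project. The names `escapeHtml`, `safeHtml`, `buildBody` and `ICON` are hypothetical, and the returned string is assumed to be what the application passes as the notification body.

```javascript
// Added example, not the project's code. All names here are hypothetical.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Escape a value for use as element text or inside a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Tagged template: the literal parts are developer-written markup and are
// kept as-is; every interpolated value is treated as untrusted and escaped.
function safeHtml(strings, ...values) {
  let out = strings[0];
  values.forEach((value, i) => {
    out += escapeHtml(value) + strings[i + 1];
  });
  return out;
}

// Developer-controlled SVG icon (constructed sample), inserted raw on purpose.
const ICON =
  '<svg width="16" height="16" viewBox="0 0 16 16"><circle cx="8" cy="8" r="7"/></svg>';

// Build a notification body from trusted markup plus untrusted user fields.
function buildBody(userName, userMessage) {
  return ICON + safeHtml`<b>${userName}</b>: ${userMessage}`;
}

// Constructed input: the payload from the bug report arrives as user text.
console.log(buildBody("alice", '<img src=x onerror="alert(1)">'));
```

This escaping is only correct for element content and quoted attribute values; user data placed in a URL attribute or inside a script needs context-specific handling instead.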
Bug Report: The body content is not sanitized properly
POC Payload:
<img src=x onerror="alert(1)">
Steps to reproduce