nandi95 / vue-toastify

🔥 Simple, extendable, dependency free notification plugin. 🔥
https://vue-toastify.netlify.com/
MIT License
227 stars, 12 forks

url option is vulnerable to XSS (Cross Site Scripting) #26

Closed · bunnypouts closed this 2 years ago

bunnypouts commented 3 years ago

The url option is vulnerable to XSS. Filter the url properly to prevent XSS; for more on this, please visit https://owasp.org/www-community/xss-filter-evasion-cheatsheet. There should be events to handle javascript execution.

[image attachment]

nandi95 commented 3 years ago

Thanks for the issue! It seems this can be fixed by adding encodeURI here and here.

PRs are welcome; if not, I will release a fix as soon as possible. In the meantime, the same encodeURI can be done by the developer who uses the package.
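As an added example (not code from vue-toastify or either participant), the check a defender would want in front of a notification's `url` option before it reaches an anchor's `href`: parse the value with the WHATWG URL API and allow-list the scheme, so that non-http(s) URLs are rendered as plain text instead of a link. It also contrasts this with a plain `encodeURI` call, which escapes stray characters but never touches the scheme. The helper names, the base URL used for resolving relative paths and the sample inputs are all constructed for this example.

```javascript
// Added example, not part of vue-toastify. Assumes the plugin would otherwise
// copy the `url` option straight into an <a href="...">.

const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']); // assumption: links only

// Returns a normalised absolute URL string when the value is safe to use as an
// href, or null when it must not become a link at all.
function safeHref(url, base = 'https://example.test/') { // base is a placeholder
  if (typeof url !== 'string') return null;
  let parsed;
  try {
    parsed = new URL(url.trim(), base); // relative paths resolve against base
  } catch {
    return null; // unparsable input: reject rather than guess
  }
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) return null; // scheme allow-list
  return parsed.href; // WHATWG serialisation percent-encodes stray characters
}

// Contrast: encodeURI only escapes characters that cannot appear in a URL.
// The scheme delimiter ':' and parentheses are left alone, so a value whose
// scheme is not http(s) passes through unchanged.
function encodeOnly(url) {
  return encodeURI(url);
}

// Browser-side rendering helper: build the element with DOM APIs instead of
// string concatenation, and fall back to a text node when the URL is rejected.
function buildLink(doc, url, text) {
  const href = safeHref(url);
  if (href === null) return doc.createTextNode(text);
  const a = doc.createElement('a');
  a.href = href;
  a.rel = 'noopener noreferrer';
  a.textContent = text;
  return a;
}

// Constructed sample inputs, run through both functions for comparison.
const SAMPLES = [
  'https://vue-toastify.netlify.com/',
  '/docs?page=1',
  'https://example.test/a b',
  'javascript:alert(1)',
  ' JAVASCRIPT:alert(1)',
  'data:text/html,hello',
];

function checkSamples() {
  return SAMPLES.map((s) => ({ input: s, safe: safeHref(s), encoded: encodeOnly(s) }));
}

if (typeof document === 'undefined') {
  // Node: print the comparison table
  console.table(checkSamples());
} else {
  // Browser: document.body.append(buildLink(document, 'javascript:alert(1)', 'x'))
  // yields a text node, not a clickable link.
}
```

The scheme allow-list decides whether a value may become a link at all; `safeHref` still returns a link to any host, so an origin allow-list can be layered on top where the notifications are expected to point only at the application's own pages.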