Closed bunnypouts closed 2 years ago
The url option is vulnerable to XSS. Filter the url properly to prevent XSS. For more on this, please visit https://owasp.org/www-community/xss-filter-evasion-cheatsheet There should be events to handle javascript execution.
Thanks for the issue! It seems this can be fixed by adding encodeURI here and here.
PRs are welcome; if not, I will release a fix as soon as possible. In the meantime, the same encodeURI can be done by the developer who uses the package.
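One way a developer using the package could sanitize a value before passing it as the url option, as an added example that is not the package's own code. The function name, the http/https allow-list and the base URL are assumptions made for illustration.

```javascript
// Added example, not the package's code. Assumption: the `url` option
// should only ever point at http(s) resources.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

// Hypothetical base for resolving relative values; in a browser this
// would normally be document.baseURI.
const BASE = "https://app.example/";

// Returns a normalized absolute URL string, or null if the value is rejected.
function sanitizeUrlOption(value, base = BASE) {
  if (typeof value !== "string" || value.trim() === "") return null;
  let parsed;
  try {
    // The URL parser lowercases the scheme and trims surrounding
    // whitespace, so the check below sees what the browser would see.
    parsed = new URL(value, base);
  } catch (err) {
    return null; // not parseable as a URL
  }
  // encodeURI() escapes spaces and quotes but leaves the scheme as-is,
  // so the scheme is checked against an allow-list separately.
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) return null;
  // href is already percent-encoded by the URL serializer
  // (space -> %20, " -> %22), so it is returned without re-encoding.
  return parsed.href;
}

// Constructed sample inputs.
const samples = [
  'https://example.com/a b?q="x"',
  "/docs/page one",
  "javascript:alert(1)",
  "JavaScript:alert(1)",
  "data:text/html,hi",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", sanitizeUrlOption(s));
}
```

The returned string still has to be escaped for the context it is written into (for example an HTML attribute) by whatever renders it.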