[ ] You are testing using the non-minified version of html2canvas and checked any potential issues reported in the console
Bug reports:
Hi, recently my team and I ran a SAST report and we found that html2canvas has a Cross Site Scripting vulnerability in \html2canvas\html2canvas\dist\html2canvas.js, line 5698. I am sharing the code below:
```js
CacheStorage.setContext = function (window) {
    CacheStorage._link = window.document.createElement('a');
    CacheStorage._origin = CacheStorage.getOrigin(window.location.href);
};
```
My question here is: is it a real vulnerability? Why or why not? And how can we fix it? By the way, I found something related in this old PR, but there is tracking about it: https://github.com/niklasvh/html2canvas/pull/2711
Please make sure you are testing with the latest release of html2canvas. Old versions are not supported and issues reported for them will be closed.
Please follow the general troubleshooting steps first:
Specifications: