Closed by jurienhamaker 3 years ago
@jurienhamaker Sounds nice. Thanks for the maintenance. I'll be able to check it out next week.
@jurienhamaker Released https://github.com/optimistex/ngx-select-ex/releases/tag/v6.1.0
Thanks again for the maintenance!
Because all text is automatically marked as safe HTML, user input is now vulnerable to XSS attacks on other users. Therefore I added the option to disable the sanitization in the sanitize() function if needed.

Please merge and deploy this ASAP as this is a huge security risk.
Personally I would opt for it to be disabled by default and enabled by the developer if needed, but that would require a major version.