Open matteodelta opened 2 years ago
We really need an update to fix that problem, or a workaround.
From the link in CVE:
Caveat User
Note that the processing [[String#stripTags]] does is good enough for most purposes, but you cannot rely on it for security purposes.
Change stripTags function as below:
```js
// (?=(\w+))\N matches the tag name as one unit; group 4 is the closing-tag name.
function stripTags() { return this.replace(/<(?=(\w+))\1(\s+("[^"]*"|'[^']*'|[^>])+)?>|<\/(?=(\w+))\4>/gi, ''); }
```
Important to solve it and create a new build!
The latest version of Prototype is affected by vulnerability CVE-2020-27511.
https://www.cvedetails.com/cve/CVE-2020-27511/
Will there be an update to fix that problem? Any other workaround?
Thanks
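A regression check for the replacement `stripTags` pattern posted in this thread, as an added example that is not code from the thread or from Prototype. It assumes the quoted-attribute parts are written `"[^"]*"` and `'[^']*'` and that the closing-tag branch refers to its own capture, group 4; the function names and sample strings are constructed for illustration.

```javascript
// Added example: constructed inputs, hypothetical function names.
// Capture groups in the pattern:
//   1 = tag name captured by the opening-tag lookahead
//   2 = the whole attribute run, 3 = one attribute token
//   4 = tag name captured by the closing-tag lookahead
// (?=(\w+))\N emulates an atomic group: the lookahead captures the full name
// and the backreference can only consume exactly that text.
const TAG_RE = /<(?=(\w+))\1(\s+("[^"]*"|'[^']*'|[^>])+)?>|<\/(?=(\w+))\4>/gi;

// Variant that reuses \1 in the closing-tag branch. Group 1 takes no part in
// that branch, and JavaScript matches such a backreference as the empty
// string, so "</name>" is never matched.
const TAG_RE_BACKREF_1 = /<(?=(\w+))\1(\s+("[^"]*"|'[^']*'|[^>])+)?>|<\/(?=(\w+))\1>/gi;

function stripTagsPatched(input) {
  return String(input).replace(TAG_RE, '');
}

function stripTagsBackref1(input) {
  return String(input).replace(TAG_RE_BACKREF_1, '');
}

// stripTags is not a sanitizer (see the caveat quoted in the thread), so text
// headed for an HTML context is still entity-encoded after stripping.
function toDisplayText(input) {
  const entities = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return stripTagsPatched(input).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Constructed samples: [input, expected output of stripTagsPatched].
const SAMPLES = [
  ['<p class="a>b">hi</p>', 'hi'],                 // ">" inside a quoted value
  ["<a href='x' id=y>link</a>", 'link'],           // single-quoted and bare values
  ['<DIV>Caps</DIV>', 'Caps'],                     // the i flag covers upper case
  ['1 < 2 and <em>3</em> > 2', '1 < 2 and 3 > 2'], // stray "<" and ">" are kept
];

function runSamples() {
  return SAMPLES.map(([input, expected]) => ({
    input,
    ok: stripTagsPatched(input) === expected,
    backref1: stripTagsBackref1(input),
  }));
}

console.log(runSamples());
console.log(toDisplayText('1 < 2 and <em>3</em> > 2'));
```

The `backref1` column shows the closing tags left behind by the `\1` variant, which is the difference a regression test for this workaround should catch.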