Open teeohhem opened 4 years ago
This lib is vulnerable to XSS attacks if HTML/JavaScript is entered as a search term. The lib has many instances of `innerHTML` replacements where `textContent` should be used.
Steps to reproduce:

1) Enter into the search box
2) Notice the JavaScript is executed because it's inserted into the DOM as HTML
https://github.com/redking/chosen-dojo/pull/6
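The pattern the issue describes, as an added example that is not chosen-dojo's code and not part of the report above: a search term concatenated into a markup string that is then assigned to `innerHTML`, shown next to the two usual fixes (escape before concatenating, or build nodes and set `textContent`). The `no-results` message, the payload, the function names and the small DOM stub at the bottom are all assumptions made for this example; the stub exists only so the `textContent` path can run under Node, and in a browser you would pass the real `document` instead.

```javascript
// Added example, not code from chosen-dojo. Reproduces the innerHTML-vs-
// textContent problem from the issue and shows two ways to fix it.

// Constructed payload for this example; an <img> with an onerror handler fires
// as soon as the browser parses it, no user interaction needed.
const PAYLOAD = '<img src=x onerror="alert(document.domain)">';

function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// VULNERABLE: the raw term becomes markup once this string is assigned to
// innerHTML, so the <img> above is created as an element and onerror runs.
function noResultsMarkupUnsafe(term) {
  return '<li class="no-results">No results match "<span>' + term + '</span>"</li>';
}

// FIX 1: keep innerHTML, but escape the untrusted part before concatenating.
function noResultsMarkupEscaped(term) {
  return '<li class="no-results">No results match "<span>' + escapeHtml(term) + '</span>"</li>';
}

// FIX 2 (what the issue recommends): build nodes and set textContent, which is
// never parsed as HTML. `doc` is a real `document` in a browser, or the stub below.
function renderNoResults(doc, container, term) {
  const li = doc.createElement('li');
  li.className = 'no-results';
  li.appendChild(doc.createTextNode('No results match "'));
  const span = doc.createElement('span');
  span.textContent = term;
  li.appendChild(span);
  li.appendChild(doc.createTextNode('"'));
  container.appendChild(li);
  return li;
}

// Hypothetical minimal DOM stub so this file runs outside a browser. Like a
// browser, it serializes text nodes with their content escaped (slightly more
// aggressively than a browser would), so a term set via textContent can never
// turn into an element.
class StubText {
  constructor(data) { this.data = data; }
  serialize() { return escapeHtml(this.data); }
}
class StubElement {
  constructor(tag) { this.tagName = tag; this.className = ''; this.children = []; }
  appendChild(node) { this.children.push(node); return node; }
  set textContent(value) { this.children = [new StubText(String(value))]; }
  get textContent() {
    return this.children.map((c) => (c instanceof StubText ? c.data : c.textContent)).join('');
  }
  serialize() {
    const cls = this.className ? ' class="' + this.className + '"' : '';
    const inner = this.children.map((c) => c.serialize()).join('');
    return '<' + this.tagName + cls + '>' + inner + '</' + this.tagName + '>';
  }
}
const stubDocument = {
  createElement: (tag) => new StubElement(tag),
  createTextNode: (data) => new StubText(String(data)),
};

// Crude check: does the serialized markup contain the payload as a live tag
// (an actual "<img") rather than as escaped text ("&lt;img")?
function containsLiveImgTag(html) {
  return /<img\b/i.test(html);
}

function demo() {
  const unsafe = noResultsMarkupUnsafe(PAYLOAD);
  const escaped = noResultsMarkupEscaped(PAYLOAD);
  const ul = stubDocument.createElement('ul');
  const viaTextContent = renderNoResults(stubDocument, ul, PAYLOAD).serialize();
  return { unsafe, escaped, viaTextContent };
}

const result = demo();
console.log('innerHTML, raw term:    live tag =', containsLiveImgTag(result.unsafe));
console.log('innerHTML, escaped:     live tag =', containsLiveImgTag(result.escaped));
console.log('textContent:            live tag =', containsLiveImgTag(result.viaTextContent));
```

Of the two fixes, the `textContent` one is the more robust: escaping has to be remembered at every concatenation site (the issue says there are many), while setting `textContent` makes the wrong behaviour impossible at that call site.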