seyhunak / twitter-bootstrap-rails

Twitter Bootstrap for Rails 6.0, Rails 5 - Rails 4.x Asset Pipeline
https://github.com/seyhunak/twitter-bootstrap-rails

Security Issue: XSS vulnerability in modal_helper:close_button #906

Open 193s opened 8 years ago

193s commented 8 years ago

Proof of Concept:

= modal_header title: 'confirm', show_close: true, dismiss: 'modal"><script>alert(1)</script>'
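The proof of concept above breaks out of the `data-dismiss` attribute because the option value is interpolated into the markup unescaped. The following is an added illustration, not the gem's own helper code: a constructed minimal version of the vulnerable pattern beside a hardened one that HTML-escapes the attribute value (using `ERB::Util.html_escape` so it runs without Rails; inside a Rails helper, `content_tag`/`tag.button` escape attribute values the same way), run against the payload from the issue.

```ruby
require "erb"

# Constructed reproduction of the pattern the issue describes (not the gem's
# actual implementation): the `dismiss` option is interpolated directly into
# the data attribute, so a value containing `"` or `>` escapes the attribute.
def vulnerable_close_button(dismiss: "modal")
  %(<button class="close" data-dismiss="#{dismiss}">&times;</button>)
end

# Hardened form: the attribute value goes through HTML escaping, which turns
# `"` into `&quot;` and `<`/`>` into `&lt;`/`&gt;`, so the value can no longer
# close the attribute or open a new tag. In Rails, building the element with
# tag.button(class: "close", data: { dismiss: dismiss }) gives the same result.
def safe_close_button(dismiss: "modal")
  %(<button class="close" data-dismiss="#{ERB::Util.html_escape(dismiss)}">&times;</button>)
end

# The dismiss value from the issue's proof of concept.
POC_DISMISS = 'modal"><script>alert(1)</script>'

# Returns true when the rendered markup contains an element other than the
# single expected <button>, i.e. when the attribute value injected markup.
def injected_markup?(html)
  html.scan(/<[a-zA-Z]/).size > 1
end

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable: #{vulnerable_close_button(dismiss: POC_DISMISS)}"
  puts "injected?   #{injected_markup?(vulnerable_close_button(dismiss: POC_DISMISS))}"
  puts "hardened:   #{safe_close_button(dismiss: POC_DISMISS)}"
  puts "injected?   #{injected_markup?(safe_close_button(dismiss: POC_DISMISS))}"
end
```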