viewflow / django-material

Material Design for Django
http://viewflow.io/
BSD 3-Clause "New" or "Revised" License

Security issues (XSS) in materialize-css, Can you upgrade to newer version please? #530

Closed tomas-zemres closed 2 years ago

tomas-zemres commented 2 years ago

"npm audit" says:

materialize-css  *
Severity: moderate
Cross-Site Scripting in materialize-css - https://github.com/advisories/GHSA-98f7-p5rc-jx67
materialize-css vulnerable to cross-site Scripting (XSS) due to improper escape of user input - https://github.com/advisories/GHSA-7jvx-f994-rfw2
Cross-Site Scripting in materialize-css - https://github.com/advisories/GHSA-7752-f4gf-94gc
Materialize-css vulnerable to Improper Neutralization of Input During Web Page Generation - https://github.com/advisories/GHSA-rg3q-jxmp-pvjj
No fix available
node_modules/materialize-css

Can you switch to fixed materialize-css?

kmmbvnr commented 2 years ago

django-material v1 already uses a customized materializecss library

The upcoming django-viewflow v2 is based on Google material components