[server][gui] Escape values for v-html attributes #3549

Merged
merged 1 commit into from Jan 4, 2022


csordasmarton
Collaborator

We are using the `v-html` attribute on the UI side to dynamically render comments and analyzer commands. This can be very dangerous because it can easily lead to XSS vulnerabilities. To solve this problem, the server will always return the escaped version of these values, which can be safely rendered on the UI.
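A sketch of the server-side escaping the description above refers to, as an added example that is not code from this pull request. The field names, the record layout and the sample values are assumptions constructed for illustration.

```python
import html

# Hypothetical field names: the values the description says are bound with v-html.
V_HTML_FIELDS = ("comment", "analyzer_command")


def escape_once(value):
    """HTML-escape a string; pass None through unchanged."""
    if value is None:
        return None
    # quote=True also encodes " and ', which matters if the value
    # is ever placed inside an HTML attribute.
    return html.escape(value, quote=True)


def to_api_record(record):
    """Return a copy of a stored record with every v-html-bound field escaped.

    The stored record is left untouched, so escaping happens exactly once,
    at the point where the value leaves the server.
    """
    out = dict(record)
    for field in V_HTML_FIELDS:
        if field in out:
            out[field] = escape_once(out[field])
    return out


# Constructed sample record containing markup in both fields.
STORED = {
    "id": 1,
    "comment": 'false positive <img src=x onerror="alert(1)">',
    "analyzer_command": "clang --analyze -DNAME='<b>' a.c && echo done",
}

if __name__ == "__main__":
    for key, value in to_api_record(STORED).items():
        print(f"{key}: {value}")
```

Escaping has to happen exactly once: running an already escaped record through `to_api_record` again turns `&lt;` into `&amp;lt;`, which the UI then shows as literal entity text.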

Labels
GUI 🎨 server 🖥️ test ☑️ Adding or refactoring tests