Prevent XSS #374
Comments
Yes, I am aware of this issue, thanks for pointing it out. I will fix it shortly.
You can use https://www.npmjs.com/package/dompurify to prevent XSS.
Issue is not closed for me. I can reproduce XSS.
Hey @chriswalg, what version of
I tested on 2.0.8 and 2.0.10.
You are right, it cannot be reproduced in the large chat window in which all messages are displayed. I can only reproduce it in the small chat window.
Please share a screenshot. Also, what do you mean by the small chat window? Thanks!
On https://vue-advanced-chat-app.netlify.app/chat XSS is also reproducible.
Hey @antoine92190, I don't think https://vue-advanced-chat-app.netlify.app/chat has been updated to the latest library version. Also, I'm not familiar with the small chat window view @chriswalg is referencing. If it's using
Describe the bug
Currently we have not yet applied any protection from the XSS exploit as below.
Steps to reproduce
Expected behavior
Prevent XSS
Screenshots
Device (please complete the following information)
Package version: 1.5.7