Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Sanitize entities when building HTML #9
We do not properly sanitize entities (labels, ...) we build the properties panel UI from. This leads to UI bugs or script injection in the worst case.
We properly sanitize user input in all places where it is being used to build the properties panel.
Original issue: bpmn-io/bpmn-js-properties-panel#296