Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client

Improper input validation in the init function allows arbitrary javascript to be executed using the javascript: prefix

    SSO.init('javascript:alert("javascript successfully injected")')

This vulnerability was patched on version 0.1.0

This vulnerability can be prevented if user input correctly sanitized or there is no user input pass to the init function

Provide feedback