You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is very uncommon. There are many different ways to screw up getting user data. However doing that + also spreading is unusual. We decided in #3473 that React should add an extra layer of protection for these types of mistakes. This one is much more uncommon than the one in #3473 though.
You should already have a pretty centralized way of sanitizing these objects so it seems to me that adding a Symbol to this object shouldn't be that big of a deal though.
I am running react18 and recently installed and ran AuditJS scan against the project. In the scan react version 18.1.0 was flagged for Cross-Site Scripting (XSS) and this issue was a referenced link...
pkg:email@example.com - 1 vulnerability found!
Vulnerability Title: [sonatype-2017-0717] CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description: react - Cross-Site Scripting (XSS)
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVSS Score: 4.7
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
I was wondering if any work is being done to resolve this issue?