Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Textinput: It is possible to inject markup via data-clear-btn-text #7603
When we first instantiate the clear-button-enabled textinput, we do not assign the clear button text to the anchor via
This can be exploited to inject markup.
We should be using