short: prevent XSS-injection #104

Open
wants to merge 1 commit into
from

Conversation

Projects
None yet
1 participant

longer: if the option is "yeah<script>alert('test')</script>" it would be transformed with multiselect so that a javascript alert is started. This change prevents this behaviour.

@Krassmus Krassmus short: prevent XSS-injection
longer: if the option is "<option>yeah&lt;script&gt;alert('test')&lt;/script&gt;</option>" it would be transformed with multiselect so that a javascript alert is started. This change prevents this behaviour.
4313ab6
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment