Describe the bug
Hi, I discovered a vulnerability when I tried to patch data from the API, but data that should not be in one of the options instead appeared in the existing select box.
This is vulnerable to attack via XSS and please follow up further.
I don't know if this can be solved in the same way by still making sure the item in the option is placed in the [items] configuration or not.
Reproducible example
https://stackblitz.com/edit/angular-nckghm-umj73p
Expected behavior
That options other than those entered will not be rendered in the select box and prevent XSS attacks from occurring.
Screenshots
![image](https://private-user-images.githubusercontent.com/23228747/331519156-0e8acf4a-a82b-49ec-8b57-29670d91f963.png)