XSS handling for antd select options #1009

Open
alphazhe opened this issue Nov 26, 2023 · 0 comments

Comments

@alphazhe
Contributor

Describe the bug
For the antd component, if I provide HTML elements as an option, they are getting executed. This is a potential security vulnerability related to HTML injection or Cross-Site Scripting (XSS).

To Reproduce
Add "<img src=1 onerror=alert(1)>" as an option in listValues and refresh.

Expected behavior
HTML elements should not get injected via options.

@alphazhe alphazhe changed the title XSS handling for options XSS handling for antd select options Nov 26, 2023
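
The issue does not say where the option title ends up being treated as markup, so the following is an added example of the general bug class and a regression check for it, not code from this project. The `listValues` shapes (array of `{ value, title }` or a `{ value: title }` map) and all function names are assumptions made for illustration.

```javascript
// Added example, not the project's code. Assumed listValues shapes:
// an array of { value, title } objects, or a plain { value: title } map.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape the characters that let text break out into tags or attributes.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Normalise both assumed shapes to [{ value, title }].
function normalizeListValues(listValues) {
  if (Array.isArray(listValues)) {
    return listValues.map((item) =>
      item !== null && typeof item === "object"
        ? { value: item.value, title: item.title ?? item.value }
        : { value: item, title: item }
    );
  }
  return Object.entries(listValues).map(([value, title]) => ({ value, title }));
}

// Vulnerable pattern: the title is interpolated into markup unescaped, so a
// title containing a tag becomes a live element once assigned to innerHTML.
function renderOptionsUnsafe(listValues) {
  return normalizeListValues(listValues)
    .map(({ value, title }) => `<li data-value="${value}">${title}</li>`)
    .join("");
}

// Hardened pattern: value and title are both treated as text.
function renderOptionsSafe(listValues) {
  return normalizeListValues(listValues)
    .map(({ value, title }) => `<li data-value="${escapeHtml(value)}">${escapeHtml(title)}</li>`)
    .join("");
}

// Regression helper: list the option values whose title carries markup-significant
// characters, i.e. the entries that would render differently if not escaped.
function findMarkupTitles(listValues) {
  return normalizeListValues(listValues)
    .filter(({ title }) => escapeHtml(title) !== String(title))
    .map(({ value }) => value);
}

// Constructed sample: one benign option plus the string from the report.
const sampleListValues = [
  { value: "apple", title: "Apple" },
  { value: "probe", title: "<img src=1 onerror=alert(1)>" },
];
```

In a React component the equivalent of `renderOptionsSafe` is passing the title as a text child, which React escapes by default, instead of routing it through `dangerouslySetInnerHTML`.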