angular-toastr

trustAsHtml used for title and message - XSS Attack

Open tushartrantor opened this issue 8 years ago • 0 comments

trustAsHtml used for title and message is prone to XSS when allowHtml is true. Only ng-bind-html should be enough to allow for whitelisted tags, according to me. How can I rectify this problem?

tushartrantor, Mar 03 '17 09:03