
Fix potential XSS attack

Open jwcooper opened this issue 4 years ago • 5 comments

Working example: https://jsfiddle.net/876myrk5/

$('[data-toggle="switch"]').bootstrapSwitch({onText: ">'><details open ontoggle=confirm(document.domain)>"});

If any sites allow switches based on user-submitted configuration, they could be open to this issue.

jwcooper avatar Jul 30 '20 20:07 jwcooper
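A caller-side mitigation for the case reported above, as an added example that is not part of the original issue or the bootstrap-switch code: user-submitted configuration is reduced to an allow-list of options, and the text options are HTML-escaped before they reach the plugin. `safeSwitchOptions` and `escapeHtml` are hypothetical helper names; treating `offText` and `labelText` the same way as the `onText` option shown in the issue is an assumption.

```javascript
// Added example (not from the issue or the library): sanitise untrusted
// switch configuration before handing it to bootstrapSwitch().
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Replace every character that can open a tag, attribute or entity.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// onText is the option shown in the issue; offText and labelText are
// assumed to be rendered the same way and are escaped too.
const TEXT_OPTIONS = ['onText', 'offText', 'labelText'];
// Boolean options that are safe to pass through once type-checked.
const BOOLEAN_OPTIONS = ['state', 'disabled'];

// Hypothetical helper: returns a new object holding only allow-listed keys.
// Anything else in the untrusted input (callbacks, unknown keys) is dropped.
function safeSwitchOptions(untrusted) {
  const out = {};
  if (untrusted === null || typeof untrusted !== 'object') return out;
  for (const key of TEXT_OPTIONS) {
    const value = untrusted[key];
    if (typeof value === 'string' || typeof value === 'number') {
      out[key] = escapeHtml(value);
    }
  }
  for (const key of BOOLEAN_OPTIONS) {
    if (typeof untrusted[key] === 'boolean') out[key] = untrusted[key];
  }
  return out;
}

// In the browser, with userConfig coming from stored or submitted settings:
//   $('[data-toggle="switch"]').bootstrapSwitch(safeSwitchOptions(userConfig));
```

If a later release of the plugin escapes these options itself, drop the caller-side escaping so the labels are not escaped twice.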

Hi, is this fix something you consider releasing soon?

ggkitsas avatar Sep 16 '20 08:09 ggkitsas

@LostCrew are you open to adding co-maintainers on this repository? Myself (and possibly @asankov) would be interested b/c we depend on this.

atodorov avatar Dec 01 '20 20:12 atodorov

@atodorov @asankov Where can I reach you to chat privately?

LostCrew avatar Jan 03 '21 12:01 LostCrew

@LostCrew both of our email addresses are visible in our profiles.

atodorov avatar Jan 03 '21 12:01 atodorov

Is there anyone still working on this fix? Thanks.

austinmhyatt avatar Aug 02 '21 23:08 austinmhyatt