
Regression in non-inline HyperText/iframe HTML support caused by a fix to a hypothetical vulnerability

Open dchichkov opened this issue 2 months ago • 1 comments

Describe the bug Annotating data within an iframe (Wikipedia articles, etc.) in the HyperText element is no longer possible, as

To Reproduce Use non-inline iframe in the HyperText element and include

Expected behavior It should be possible to render modern HTML that includes scripting within the HyperText/iframe.

Environment (please complete the following information):

  • OS: [e.g. iOS]
  • Label Studio Version 1.12.0

Additional context Sanitized internal data or data from sources like Wikipedia cannot contain a hypothetical vulnerability highlighted by this CVE. This hypothetical vulnerability is also unimpactful, as the service is stand-alone and isolated from any high-value financial/industry targets.

dchichkov, May 08 '24 20:05