label-studio
label-studio copied to clipboard
Regression in non-inline HyperText/iframe HTML support caused by a fix to a hypothetical vulnerability
Describe the bug Annotating data within an iframe (wikipedia articles, etc) in the HyperText element is no longer possible, as
To Reproduce Use non-inline iframe in the HyperText element and include
Expected behavior It should be possible to render modern HTML that includes scripting withing the HyperText/iframe.
Environment (please complete the following information):
- OS: [e.g. iOS]
- Label Studio Version 1.12.0
Additional context Sanitized internal data or data from sources like wikipedia can not contain a hypothetical vulnerability highlighted by this CVE. This hypothetical vulnerability is also unimpactful, as the service is stand-alone and isolated from any high-value financial/industry targets.