LiveAtlas

XSS injection fix

Open Thorgathis opened this issue 1 year ago • 1 comments

I'm sorry to say that I'm not very fluent in English.

However, when using the chat function on the web map, you are able to run any script or insert any HTML tag you wish.

[Screenshots attached: 2025-01-06 13:48:41 and 13:48:47]

Thorgathis avatar Jan 06 '25 10:01 Thorgathis

Just to check, have you tried running an actual script? I don't know if it's meant to support formatting or not.

jayzosayers avatar Feb 27 '25 20:02 jayzosayers

#638

I would say the original front end sanitized all HTML in the chat, but it seems it won't sanitize the description of a marker, so according to the original implementation this behaviour seems to be incorrect.

exkc avatar Aug 14 '25 11:08 exkc
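To make concrete what the report above and exkc's remark about chat sanitization describe, here is an added example (not LiveAtlas code, and not from any commenter) showing how a chat renderer turns into an HTML injection sink when a player-controlled message is interpolated into markup, and the escaping that closes it. The function and field names, the template, and the sample message are all constructed for this illustration.

```javascript
// Added example, not LiveAtlas code. Assumes chat lines are rendered as an
// HTML string in the browser; names and markup are illustrative.

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the five characters that let text break out of element or attribute
// context. This is the same transformation a text node gives you for free.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// VULNERABLE: sender and message are interpolated straight into markup, so
// any tag the player types in game ends up parsed by every viewer's browser.
function renderChatUnsafe(msg) {
  return `<li class="chat"><span class="sender">${msg.sender}</span>: ${msg.message}</li>`;
}

// HARDENED: every untrusted field is escaped before it reaches the markup.
// In a real DOM the equivalent is assigning textContent, never innerHTML.
function renderChatSafe(msg) {
  return `<li class="chat"><span class="sender">${escapeHtml(msg.sender)}</span>: ${escapeHtml(msg.message)}</li>`;
}

// Check used to show the difference: does the rendered markup contain any
// element that did not come from our own template?
function containsInjectedTag(html, templateTags = ['li', 'span']) {
  const tags = [...html.matchAll(/<\/?([a-zA-Z][\w-]*)/g)].map((m) => m[1].toLowerCase());
  return tags.some((t) => !templateTags.includes(t));
}

// Constructed sample: a chat line as an attacker could type it in game.
const SAMPLE = {
  sender: 'Steve',
  message: '<img src=x onerror="alert(document.cookie)">hi',
};

// Usage: the unsafe renderer emits an <img> with an event handler; the safe
// renderer emits only the template's own <li> and <span>.
console.log(renderChatUnsafe(SAMPLE));
console.log(renderChatSafe(SAMPLE));
```

Escaping is the right fix for chat, where the content is plain text. It is not the right fix for fields that are meant to carry markup, such as the marker descriptions exkc mentions; those need an allowlist-based HTML sanitizer rather than escaping, which is outside this example.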