Jesse Dahl
Here's the pending pull request for this issue: https://github.com/jantimon/html-webpack-plugin/pull/1761
Yeah I get that. Maybe just a quick note in the docs about sanitizing your inputs before passing them in to bootbox?
Oh yeah, didn't know the docs were on GitHub too. I'll take a crack at it.
@vedmant you just need to make sure you pass your input through a sanitizer before passing it into this library.
It could be a "stored XSS" type of attack. Some malicious user enters some value that gets stored in the backend. Then later some other user accesses some record or...
I had similar issues with the ReplaceInFileWebpackPlugin and this plugin, and tried to rewrite it so that it ran in a different part of the cycle (before the zip plugin),...