
rawColumns instead of escapeColumns

Open NModern opened this issue 5 years ago • 1 comments

Hi. Using escapeColumns(['id']) in TableController.stub leaves the other columns unescaped, which makes them vulnerable to XSS. I suggest using rawColumns for the actions column to make only this column raw (rawColumns(['actions'])), so the others will always be escaped.

NModern, Oct 27 '19 15:10

Nice suggestion @NModern, I will check the usage and do the needful.

bvipul, Oct 30 '19 06:10
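
The difference between the two policies raised in the issue, as an added example that is not part of the thread or the project's code. It is a simplified stand-alone model of the behaviour the issue describes, not the DataTables library itself; the function names and the sample row are constructed for illustration.

```php
<?php
// Simplified model of the two column policies discussed in the issue.
// Not library code: both function names below are hypothetical.

/** Models escapeColumns([...]): only listed columns are escaped, the rest stay raw. */
function renderWithEscapeColumns(array $row, array $escape): array
{
    $out = [];
    foreach ($row as $col => $value) {
        $out[$col] = in_array($col, $escape, true)
            ? htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8')
            : (string) $value;
    }
    return $out;
}

/** Models rawColumns([...]): only listed columns stay raw, the rest are escaped. */
function renderWithRawColumns(array $row, array $raw): array
{
    $out = [];
    foreach ($row as $col => $value) {
        $out[$col] = in_array($col, $raw, true)
            ? (string) $value
            : htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    }
    return $out;
}

// Constructed sample row: "name" is user-controlled, "actions" is server-built HTML.
$row = [
    'id'      => 7,
    'name'    => '<script>alert(1)</script>',
    'actions' => '<a href="/items/7/edit">Edit</a>',
];

$before = renderWithEscapeColumns($row, ['id']);    // escapeColumns(['id'])
$after  = renderWithRawColumns($row, ['actions']);  // rawColumns(['actions'])

// Report every column whose markup reaches the browser unescaped.
foreach (['before' => $before, 'after' => $after] as $label => $rendered) {
    foreach ($rendered as $col => $html) {
        $isRaw = $html === (string) $row[$col] && $html !== strip_tags($html);
        printf("%-6s %-8s %-13s %s\n", $label, $col, $isRaw ? 'RAW HTML' : 'escaped/plain', $html);
    }
}
```

With the first policy the user-controlled name column is reported as raw HTML; with the second only the server-built actions column is, and any column added to the table later is escaped by default.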