XSS injection risk

Open derhyl opened this issue 6 months ago • 1 comments

Hi,

I want to raise a potential security risk with the use of the package.

When showing JSON, if a JSON key contains HTML (ex: ), the expression is executed.

This makes it vulnerable to XSS injections.

In my opinion this should be solved by some sort of sanitization or strong warning in the documentation.

Kind regards

derhyl avatar Feb 07 '24 19:02 derhyl
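One way a consumer of the package could apply the sanitization suggested above, as an added example that is not part of the original issue or the package's own code: escape every key and string value of the parsed JSON before passing it to the tree view. It assumes the component inserts keys as raw HTML, as the issue describes; `escapeHtml`, `sanitizeJson` and the sample input are hypothetical names and constructed data.

```javascript
// Added example (not the package's code): neutralise HTML in JSON keys and
// string values before the data reaches a component that may render raw HTML.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Replace the five HTML-significant characters with entities.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Recursively copy a parsed JSON value, escaping keys and string values.
function sanitizeJson(value) {
  if (typeof value === "string") return escapeHtml(value);
  if (Array.isArray(value)) return value.map(sanitizeJson);
  if (value !== null && typeof value === "object") {
    const out = {};
    for (const [key, child] of Object.entries(value)) {
      // defineProperty keeps a "__proto__" key as an ordinary own property
      // instead of replacing the prototype of the copy.
      Object.defineProperty(out, escapeHtml(key), {
        value: sanitizeJson(child),
        enumerable: true, writable: true, configurable: true,
      });
    }
    return out;
  }
  return value; // numbers, booleans, null pass through unchanged
}

// Constructed sample input with markup in keys at two nesting levels.
const untrusted = JSON.parse(
  '{"<b>name</b>": "a & b", "list": [{"<i>k</i>": 1}], "__proto__": {"x": "<u>"}}'
);
const safe = sanitizeJson(untrusted);
console.log(JSON.stringify(safe, null, 2));
```

If the display layer already escapes text itself, the entities will be shown literally, so apply this only in front of a renderer that treats keys as HTML.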