jekkos

Results 484 comments of jekkos

I would like to see where the encoding then broke the rendering of these characters. The issue might be that the data rendered in an input field needs to be...

@objecttothis I have rebased this branch again here: https://github.com/opensourcepos/opensourcepos/pull/4066. Not many changes remain.

I have double checked the issue and the XSS trigger you found does not come from bootstrap tables. In fact it is triggered through the notification toast, which shows this...

Let's move to the other PR. I have added a commit there that fixes the vulnerability that you have found.

Tested in master, works so will close.

One last thing to
* check is the 3.3.9 -> 3.4 upgrade
* clean db install seems to work
* substitute the error log with throwing an exception

Now, interesting observation: I was testing my last change in the migration which stopped the process, resent the login submission and then found this in the database dump. Some keys...

@objecttothis I have done one last comparison between 3.3.9 upgrade and fresh install, and only found that in the upgraded version we have an extra index in items table on...