typecho

Fix unsafe use of jQuery .html()

Open l2dy opened this issue 2 years ago • 0 comments

.html() can introduce cross-site-scripting (XSS) vulnerabilities with strings from untrusted sources. Use .text() instead or sanitize the input.

l2dy, Apr 04 '22 12:04
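
One way to locate the calls this issue refers to, as an added example that is not code from the issue or from the typecho project: a line-based heuristic that flags `.html()` setters whose argument is anything other than a plain string literal. The function names and the sample lines are constructed for illustration.

```javascript
// Added example (not typecho code): heuristic audit for jQuery .html() setters.
// Flags .html(arg) unless arg is a plain quoted string literal; .html() with no
// argument is a getter and is skipped. Line-based, so review hits by hand.

// Read the call's argument text up to the matching ')', honouring quotes.
function readArgument(line, start) {
  let depth = 1, quote = null;
  for (let i = start; i < line.length; i++) {
    const c = line[i];
    if (quote) {
      if (c === '\\') i++;               // skip the escaped character
      else if (c === quote) quote = null;
    } else if (c === '"' || c === "'" || c === '`') quote = c;
    else if (c === '(') depth++;
    else if (c === ')' && --depth === 0) return line.slice(start, i).trim();
  }
  return null;                           // call continues on a later line
}

function isPlainStringLiteral(arg) {
  return /^'(?:[^'\\]|\\.)*'$/.test(arg) || /^"(?:[^"\\]|\\.)*"$/.test(arg);
}

function findUnsafeHtmlCalls(source) {
  const findings = [];
  source.split('\n').forEach((line, idx) => {
    const call = /\.html\(/g;
    let m;
    while ((m = call.exec(line)) !== null) {
      const arg = readArgument(line, m.index + m[0].length);
      if (arg === '') continue;                               // getter
      if (arg !== null && isPlainStringLiteral(arg)) continue; // static markup
      findings.push({ line: idx + 1, argument: arg === null ? '(multi-line)' : arg });
    }
  });
  return findings;
}

// Constructed sample input, not taken from the typecho source tree.
const SAMPLE = [
  "$('#title').html('<em>Loading</em>');",
  "$('#comment').html(data.text);",
  "var cur = $('#box').html();",
  "$('#who').html('<b>' + user.name + '</b>');",
  "$('#who').text(user.name);",
].join('\n');

console.log(findUnsafeHtmlCalls(SAMPLE));
```

Each hit is a candidate for `.text()` or for sanitizing the value before it reaches `.html()`; template literals are flagged even without interpolation, which errs on the side of review.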