django-autocomplete-light icon indicating copy to clipboard operation
django-autocomplete-light copied to clipboard

Published 20 hours ago verified publisher icon yourlabs

WidgetMixin : take the right id in the right place for field forwarding + XSS exploit fix

Open elapouya opened this issue 5 months ago • 0 comments

Actually, for field forwarding, there is a mismatch between the div id given at python side and the id at javascript side. At python side the widget id is not read at the right place.

In the PR there is a very quick fix for that.

There is also a XSS exploit possible in select2.js when displaying selected item : it requires to be escaped.

elapouya avatar Feb 26 '24 15:02 elapouya