#2669 Fixed XSS vulnerabilities in graphical view components: #3042
Limraj commented Oct 29, 2024
- Fixed Simple Point: Name, Point name override, Style attribute, Display controls, Background color;
- Fixed Simple compound: Name, Background colour, Lead point, Sub point X;
Fixed Simple Point:
- Point value is showing like: --> error
- Name ---> ok, point selected with name of is not causing any issues
- Style attribute ---> seems not to be escaped:
- Display controls ---> ok, content is escaped:
- Background color ---> seems not to be escaped:

Fixed Simple compound:
- Background colour --> setting value with potential XSS and saving it --> no error --> saving graphical view and on read mode alert shows up one time:
- Lead point --> ok, no alerts when data point with such name is selected:
- Sub point X --> ok, no alerts when data point with such name is selected:
- Fixed: <span>value</span>;
- Fixed: Background color, Style attribute;
- Fixed value alphanumeric type: added properties: datapoint.type.alphanumeric.escaped default false;