New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HTML input is not escaped #406
Labels
bug
Something isn't working
Comments
Curious, what kind of flexibility is mentioned here? When I type markup in a combo box, I do not see circumstances in which I'd want that added actual DOM to the page |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
System Information
Describe the bug
Potential Cross-Site Scripting (XSS) vulnerability
To Reproduce
HTML input is not escaped.
The text was updated successfully, but these errors were encountered: