Closed

HTML Injections #2338

0

ibrahim.onat created 2 years ago

ABP Framework version: v4.4.3
UI type: Angular
DB provider: EF Core
Tiered (MVC) or Identity Server Separated (Angular): yes
Exception message and stack trace:
Steps to reproduce the issue:"

There is html injection vulnarability on some of the pages

2 Answer(s)

0

alper created 2 years ago
Support Team Director

thanks, we will take care of it. internal issue #8758
1

Mehmet created 2 years ago

Hi,

For some technical reasons, we have used innerHtml for the columns of the extensible table component. No vulnerability in this case. You cannot inject any script. Angular sanitizes it by default.

Thanks!

Have an answer to this question? Log in and write your answer.

Made with ❤️ on ABP v8.2.0-preview Updated on March 25, 2024, 15:11