Safe HTML option? #683

Closed
kpagcha opened this issue Oct 19, 2018 · 2 comments

kpagcha commented Oct 19, 2018

XSS is possible if this plugin is used wrong, e.g. passing `<script>alert('hey')</script>` to the `title` or `message` options. Is there a safe HTML or accepted HTML tags option? If not, it should probably be implemented.

Member

tiesont commented Oct 19, 2018

This is more or less a dupe of #661.

Do you have a particular scenario where injecting a script tag is relevant to using Bootbox? Sanitizing HTML is not a simple process, and I'm disinclined to add a dependency on another library just for a fuzzy need to mitigate a problem that's not really in the scope of using Bootbox. That's not to say it will never happen, but I don't see myself doing that, and since I'm the most active at the moment...

Collaborator

tarlepp commented Oct 20, 2018

Also, usually you're making the content that is displayed in the bootbox dialog - so imho you should trust yourself.
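The thread concerns markup reaching the `title` and `message` options. As an added example (not part of the thread and not Bootbox's own code), one way for a caller to handle this without a sanitizer dependency is to escape untrusted values before building the options, keeping the developer's own markup as the only HTML. `escapeHtml`, `safeHtml` and `buildDialogOptions` are hypothetical helper names, and this is output escaping, not HTML sanitizing.

```javascript
// Added example: escape untrusted text before it reaches the `title` and
// `message` options, which the issue describes as accepting raw markup.

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode the five characters that can start a tag or entity, or close a
// quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Tagged template: the literal parts are the developer's trusted markup,
// every interpolated value is treated as untrusted and escaped.
function safeHtml(strings, ...values) {
  return strings.reduce(
    (out, part, i) =>
      out + part + (i < values.length ? escapeHtml(values[i]) : ''),
    ''
  );
}

// Hypothetical helper: build dialog options from values that came from a
// user, a URL parameter or an API response.
function buildDialogOptions(untrustedTitle, untrustedComment) {
  return {
    title: escapeHtml(untrustedTitle),
    message: safeHtml`<p>New comment:</p><blockquote>${untrustedComment}</blockquote>`,
  };
}

// Constructed sample input: the string from the issue plus ordinary text
// that happens to contain HTML metacharacters.
const sample = buildDialogOptions(
  "<script>alert('hey')</script>",
  'Tom & "Jerry" <b>hi</b>'
);
console.log(sample);

// In a page where Bootbox is loaded (assumption): bootbox.alert(sample);
```

If some user-supplied markup must be allowed to render, escaping is not enough and an allow-list HTML sanitizer is needed instead, which is the dependency question raised in the thread.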
