You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
XSS is possible if this plugin is used wrong, e.g. passing <script>alert('hey')</script> to the title or message options. Is there a safe HTML or accepted HTML tags option? If not, it should probably be implemented.
The text was updated successfully, but these errors were encountered:
Do you have a particular scenario where injecting a script tag is relevant to using Bootbox? Sanitizing HTML is not a simple process, and I'm disinclined to add a dependency on another library just for a fuzzy need to mitigate a problem that's not really in the scope of using Bootbox. That's not to say it will never happen, but I don't see myself doing that, and since I'm the most active at the moment...
XSS is possible if this plugin is used wrong, e.g. passing
<script>alert('hey')</script>
to thetitle
ormessage
options. Is there a safe HTML or accepted HTML tags option? If not, it should probably be implemented.The text was updated successfully, but these errors were encountered: