Review text fields for XSS and whether YAML files with JavaScript can be loaded and pop up on the report page
dmundra opened this issue · 1 comment
dmundra commented
HTML and markdown work. Need to test and sanitize for script code.
dmundra commented
Updating https://marked.js.org/ package and using https://www.npmjs.com/package/sanitize-html to prevent XSS.