Use hidden textarea to pass settings instead of <module-settings>
Closed this issue · 0 comments
neSpecc commented
Due to XSS vulnerability. Current scheme (JSON in html-tag) does not work correctly with HTML entities and quotes.
Closed this issue · 0 comments
Due to XSS vulnerability. Current scheme (JSON in html-tag) does not work correctly with HTML entities and quotes.