XSS handling for antd select options
Opened this issue · 0 comments
alphazhe commented
Describe the bug
For the antd component, if I provide HTML elements as an option, they are getting executed. This is a potential security vulnerability related to HTML injection or Cross-Site Scripting (XSS).
To Reproduce
Add "<img src=1 onerror=alert(1)>" as an option in listValues and refresh
Expected behavior
HTML elements should not get injected via options.
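
The behaviour reported above, as an added example that is not part of the original issue and not the project's own code: option titles from listValues rendered into markup without encoding, next to a version that encodes them. The function names, the `<li role="option">` markup and the accepted listValues shapes are assumptions made for illustration.

```javascript
// Added illustration, not code from the project in the issue.
// Assumption: option titles are interpolated into an HTML string; the <li> markup is hypothetical.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the five characters that can change HTML element or attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Accept an array of strings, an array of { value, title }, or a { value: title } map.
function normalizeListValues(listValues) {
  if (Array.isArray(listValues)) {
    return listValues.map((item) =>
      item !== null && typeof item === "object"
        ? { value: item.value, title: item.title ?? item.value }
        : { value: item, title: item }
    );
  }
  return Object.entries(listValues).map(([value, title]) => ({ value, title }));
}

// Vulnerable pattern: titles and values reach the markup unencoded.
function renderOptionsUnsafe(listValues) {
  return normalizeListValues(listValues)
    .map(({ value, title }) => `<li role="option" data-value="${value}">${title}</li>`)
    .join("");
}

// Hardened pattern: every untrusted string is encoded for both contexts it lands in.
function renderOptionsSafe(listValues) {
  return normalizeListValues(listValues)
    .map(({ value, title }) =>
      `<li role="option" data-value="${escapeHtml(value)}">${escapeHtml(title)}</li>`)
    .join("");
}

// Constructed sample input: the option string from the issue plus a value with a quote and an ampersand.
const sampleListValues = [
  "<img src=1 onerror=alert(1)>",
  { value: '5" disk', title: "Tom & Jerry" },
];

console.log(renderOptionsUnsafe(sampleListValues));
console.log(renderOptionsSafe(sampleListValues));
```

In React, passing the title as a text child (`{title}`) applies the same encoding by default, so the element is shown as literal text instead of being parsed.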