Broken link to XSS sanitizing HTML

📚 Docs or angular.io bug report

Description

The message logged in the console: WARNING: sanitizing HTML stripped some content (see http://g.co/ng/security#xss).

The two symbols ). are included as a part of the link. They broke it!

🔬 Minimal Reproduction

What’s the affected URL?

The code is in the core.js file at these lines:

if (isDevMode() && sanitizer.sanitizedSomething) {
  console.warn('WARNING: sanitizing HTML stripped some content (see http://g.co/ng/security#xss).');
}
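The failure mode reported above, as an added example that is not part of the original issue or of Angular's code: a check that flags URLs in log messages whose trailing sentence punctuation a greedy auto-linker would absorb. The regex standing in for the console's linkifier, the function names and the second sample message are assumptions made for illustration.

```javascript
// Added example, not Angular's code. GREEDY_URL is an assumed stand-in for a
// console or terminal auto-linker that links every non-whitespace character.
const GREEDY_URL = /https?:\/\/\S+/g;
const SENTENCE_PUNCT = '.,;:!?\'"]';

// Strip characters that are legal in a URL (RFC 3986) but are almost certainly
// sentence punctuation at the end of a link. A ")" is kept when it closes a
// "(" inside the URL itself.
function trimLink(linked) {
  let end = linked.length;
  while (end > 0) {
    const ch = linked[end - 1];
    if (ch === ')') {
      const body = linked.slice(0, end);
      const opens = (body.match(/\(/g) || []).length;
      const closes = (body.match(/\)/g) || []).length;
      if (closes <= opens) break; // balanced: the ")" belongs to the URL
    } else if (!SENTENCE_PUNCT.includes(ch)) {
      break;
    }
    end--;
  }
  return linked.slice(0, end);
}

// One finding per URL where the greedy link differs from the intended one.
function findFragileUrls(message) {
  const findings = [];
  for (const [linked] of message.matchAll(GREEDY_URL)) {
    const intended = trimLink(linked);
    if (intended !== linked) {
      findings.push({ linked, intended, swallowed: linked.slice(intended.length) });
    }
  }
  return findings;
}

// Message from the issue, then a constructed message with balanced parentheses.
const reported =
  'WARNING: sanitizing HTML stripped some content (see http://g.co/ng/security#xss).';
const constructed = 'Docs: https://example.test/wiki/XSS_(attack) explains this';
console.log(findFragileUrls(reported), findFragileUrls(constructed));
```

Running a check like this over message strings at build time catches the problem before a security warning ships with a link that resolves to the wrong address.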

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Comments:6 (4 by maintainers)

Top GitHub Comments

dariobraun commented, Jan 15, 2019 (1 reaction)

Fixed in #27982

angular-automatic-lock-bot[bot] commented, Sep 14, 2019 (0 reactions)

This issue has been automatically locked due to inactivity. Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.
