【Security】vue-json-pretty has XSS vulnerability
My local environment: vue-json-pretty 1.8.2, the latest version of this Vue.js library.
This is the demo:
```html
<template>
  <div>
    <div>
      <vue-json-pretty :deep="3" :data="testdata" show-line="false" />
    </div>
  </div>
</template>
<script>
import VueJsonPretty from 'vue-json-pretty'
import 'vue-json-pretty/lib/styles.css'
export default {
  components: { VueJsonPretty },
  data() {
    return {
      // String value carrying an HTML payload that the component renders as markup
      testdata: '{ a: "\r\n<img/src=x onerror=prompt(x)>" }'
    }
  }
}
</script>
```
Then you can see this.
This problem also exists, though not by default: you need to turn on the use of a custom formatter.
Issue Analytics
- State:
- Created 2 years ago
- Reactions:2
- Comments:5 (3 by maintainers)
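
A stop-gap for applications pinned to an affected release, as an added example that is not part of the original issue or the library's code: escape every string in the data before it is bound to the viewer. It assumes the component inserts string values into the DOM as markup, which is the behaviour the demo above shows; `escapeHtml` and `escapeJsonStrings` are hypothetical helper names.

```javascript
// Added example (not from the issue or the library). Assumption: the viewer
// inserts string values into the DOM as markup, as the demo above shows.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Return an escaped deep copy of a JSON-like value. String leaves and object
// keys are escaped; numbers, booleans and null pass through. The input is not
// mutated, so the original data stays available for non-HTML uses.
function escapeJsonStrings(value, path = new WeakSet()) {
  if (typeof value === 'string') return escapeHtml(value);
  if (value === null || typeof value !== 'object') return value;
  if (path.has(value)) throw new TypeError('circular reference in data');
  path.add(value); // track only the current branch so shared references are allowed
  let copy;
  if (Array.isArray(value)) {
    copy = value.map((item) => escapeJsonStrings(item, path));
  } else {
    copy = {};
    for (const [key, item] of Object.entries(value)) {
      // defineProperty keeps a "__proto__" key as plain data instead of
      // replacing the copy's prototype.
      Object.defineProperty(copy, escapeHtml(key), {
        value: escapeJsonStrings(item, path),
        enumerable: true, writable: true, configurable: true,
      });
    }
  }
  path.delete(value);
  return copy;
}

// The string from the report's demo, and the same payload as an object value.
const reportString = '{ a: "\r\n<img/src=x onerror=prompt(x)>" }';
const reportObject = { a: '\r\n<img/src=x onerror=prompt(x)>' };
const safeString = escapeJsonStrings(reportString);
const safeObject = escapeJsonStrings(reportObject);
```

Bind the escaped copy only on a version that still renders strings as markup; a version that renders values as text would display the entities literally.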
Top GitHub Comments
@leezng please reopen this and close after https://github.com/leezng/vue-json-pretty/pull/163 & https://github.com/leezng/vue-json-pretty/pull/164 merge.

Temporarily published to npm with this fix:
- v2.x https://www.npmjs.com/package/@souljorje/vue-json-pretty
- v1.x https://www.npmjs.com/package/@souljorje/vue-json-pretty/v/1.8.4
@souljorje Thanks!