Loading...

XML

Word

Printable

Type: Task
Resolution: Fixed
Priority: L3 - Default
Fix Version/s: 7.11.0, 7.11.0-alpha3
Affects Version/s: None
Component/s: webapp
Labels:
None

Problem
With the newly introduced translate directive it is possible to inject arbitrary HTML and JavaScript via HTML script tag.

Solution
Enable angular-translate sanitization strategy: http://angular-translate.github.io/docs/#/guide/19_security

is related to

CAM-9549 Update main frontend framework libraries to latest maintained versions

Closed

Assignee:: Unassigned
Reporter:: Tassilo Weidner-Mühl
Votes:: 0 Vote for this issue
Watchers:: 1 Start watching this issue

Created:: 25/Jan/19 4:32 PM
Updated:: 29/Mar/19 5:39 PM
Resolved:: 06/Feb/19 3:02 PM