You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is #21 a concern? It seems to still be problematic...
attributes:
### rendered markup:
### click:
So the question is, does this matter? What if any are the attack vectors? Seems like if there is a concern, it would come inserting user content into these attributes 🤔
The text was updated successfully, but these errors were encountered:
After a little more research, this only seems to be a problem if user input is used for attribute names. Values appear to be properly escaped. In general it seems like it's always a bad idea to use user input for attribute names, but it still seems like a vector. Fwiw, similar things can be accomplished with EEx as well...
Is #21 a concern? It seems to still be problematic...
attributes:
### rendered markup:
### click:
So the question is, does this matter? What if any are the attack vectors? Seems like if there is a concern, it would come inserting user content into these attributes 🤔
The text was updated successfully, but these errors were encountered: