
JavaScript gets executed when the tooltip content has a JavaScript script #69

Description

@sabinbogati1

Hi,
So I came up with this issue where, if the content data has a JavaScript script, it gets executed.

Examples:

const data = {
  "email": "<img src=x onerror=prompt(1)>@x.y",
  "firstName": "Sabin",
  "lastName": "Bogati"
}

<Tooltip content={JSON.stringify(data, null, 2)} className="json-tooltip">
  <span className="text-body">
    Placeholder....
  </span>
</Tooltip>

How do I disable JavaScript from executing?
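
An added example, not part of the original issue or of the tooltip library's code: one way to stop markup in untrusted data from running, assuming the tooltip inserts a string `content` into the DOM as HTML. `escapeHtml` and `toSafeTooltipText` are hypothetical helper names, and the sample object is constructed to match the data in the issue.

```javascript
// Added example. Assumption: the Tooltip component writes a string `content`
// into the DOM as HTML, which is why the onerror handler in the issue fires.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Replace every character that can start a tag, an attribute value or an entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical helper: pretty-print untrusted data, then neutralise markup.
// Escaping runs after JSON.stringify so keys and nested values are covered too.
function toSafeTooltipText(value) {
  return escapeHtml(JSON.stringify(value, null, 2));
}

// Constructed sample with the same shape as the data in the issue.
const sample = {
  email: "<img src=x onerror=prompt(1)>@x.y",
  firstName: "Sabin",
  lastName: "Bogati",
};

const safe = toSafeTooltipText(sample);
console.log(safe); // the <img ...> tag is now inert text made of entities
```

Under that assumption the call site becomes `content={toSafeTooltipText(data)}`. If the component turns out to render strings as plain text, the entities would show up literally, so check how it handles `content` before escaping.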
