[Bug] Security Vulnerability Detected
Question
Hi, our SAST scanner detected the following, thought you might like to know.
https://raw.githubusercontent.com/artf/grapesjs/dev/dist/grapes.js
Code (Line #29702): this.setElement(this.createElement(_.result(this, 'tagName')));
Client_DOM_Stored_XSS exists @ public/dist/grapes.js Severity: High CWE: 79 https://cwe.mitre.org/data/definitions/79.html
Answers (2)
Thanks for the report @kewilson, but that line is totally legit for the editor. The library itself shouldn't be "able to hurt"; most of the vulnerabilities might be added during the integration.
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.