Issue #1598💬 AnsweredOpened November 20, 2018by kewilson0 reactions
outdated

Security Vulnerability Detected

Quick answerby artf

Thanks for the report @kewilson but that line is totally legit for the editor. The library itself shouldn't be "able to hurt", most of the vulnerabilities might be added during the integration

Read full answer below ↓

Question

Hi, our SAST scanner detected the following, thought you might like to know.

https://raw.githubusercontent.com/artf/grapesjs/dev/dist/grapes.js

Code (Line #29702): this.setElement(this.createElement(.result(this, 'tagName')));

Client_DOM_Stored_XSS exists @ public/dist/grapes.js Severity: High CWE: 79 https://cwe.mitre.org/data/definitions/79.html

Answers (2)

artfNovember 21, 2018

Thanks for the report @kewilson but that line is totally legit for the editor. The library itself shouldn't be "able to hurt", most of the vulnerabilities might be added during the integration

lock[bot]November 21, 2019

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

View full discussion on GitHub →

Related Questions and Answers

Continue research with similar issue discussions.

Issue #2044

Npm start to develop on local server didn't work

Did the procedure to start the local server using dev branch as described on README, it worked on the console, but fails on chrome and the...

3 answersUpdated June 25, 2020

Issue #1636

Unable to Insert Images into 1 Section Layout on Safari

Hello! This is an issue that only happens on Safari. We detected it on our project and thought there was something wrong with our code but...

3 answersUpdated December 7, 2019

Issue #987

[BUG/Question] Dropdown indicator not displayed for a custom trait

Hello, the dropdown (select) element arrow indicator icon is not rendered when adding a custom trait to a component: I'm using following co...

3 answersUpdated September 17, 2019

Issue #1051

[BUG] CommandAbstract's callRun and callStop should return result for backward compatibility

Hi @artf, after the latest upgrade (0.14.9) some of my commands that rely on the results of other commands fail. This happens because of th...

3 answersUpdated September 17, 2019

Paid Plugins That Match This Issue

Curated by issue keywords and label relevance to help you ship faster.

View all plugins

Loading paid plugin recommendations...

Free option

Check the open-source GrapesJS plugins on GitHub or run a quick search in our free catalog.

Browse free plugins →
Premium option

Premium plugins ship with support, regular updates, and production-ready features — save days of integration work.

Browse premium plugins →

Related tutorials

In-depth guides on the same topic.

All tutorials →

Tutorial

🚀 Introducing GrapesJS Email Blocky: The Ultimate Email Block Library for GrapesJS

Building professional, responsive, email-safe templates has always been one of the biggest challenges for developers and marketers.

Browse Plugin Categories

Jump directly to plugin category pages on the marketplace.

PresetsPluginsComponentsBlocksAssetsCommandsI18nLayersStylesStoragesRTENewslettersWeb pagesSite builders