CHANGELOG.md
6 additions & 4 deletions
@@ -8,11 +8,13 @@
8
8
9
9
### Security Fixes
10
10
11
-
XSS/Script injection
11
+
XSS/Script injection vulnerablilty fixed in 0.7.4
12
12
13
-
* matestack-ui-core is vulnerable to XSS/Script injection
14
-
* matestack-ui-core does not excape strings by default and does not cover this in the docs
15
-
* matestack-ui-core should escape strings by default in order to prevent XSS/Script injection vulnerability
13
+
* matestack-ui-core was vulnerable to XSS/Script injection
14
+
* matestack-ui-core did not excape strings by default and did not cover this in the docs
15
+
* matestack-ui-core should have escaped strings by default in order to prevent XSS/Script injection vulnerability
16
+
* 0.7.4 fixes that by performing string escaping by default now
17
+
* a new component `unescaped` (like `plain` before) allows to render unsecaped strings, but forces the developer to explicitly make a concious decision about that
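Review bot: the added lines carry spelling errors that will ship in the changelog: "vulnerablilty" in the new heading, "excape" in the second bullet, and "unsecaped" and "concious" in the last bullet; please correct them to "vulnerability", "escape", "unescaped" and "conscious". The last bullet also implies a behaviour change for existing `plain` calls, since it describes `unescaped` as "like `plain` before", so the entry should say explicitly that strings passed to `plain` are escaped as of 0.7.4 and that any output which relied on raw HTML has to move to `unescaped`. Because that can change rendered markup on upgrade, consider repeating it under a migration or breaking-change heading as well as under Security Fixes, and state which versions before 0.7.4 are affected so readers can tell whether they need to upgrade.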