Frontmatter
| id | 4482 |
| title | Cross Site Scripting (XSS) vulnerability |
| state | Closed |
| labels | bug |
| assignees | [] |
| createdAt | May 29, 2023, 6:43 PM |
| updatedAt | May 31, 2023, 6:14 PM |
| githubUrl | https://github.com/neomjs/neo/issues/4482 |
| author | Ghost |
| commentsCount | 0 |
| parentIssue | null |
| subIssues | [] |
| subIssuesCompleted | 0 |
| subIssuesTotal | 0 |
| blockedBy | [] |
| blocking | [] |
| closedAt | May 31, 2023, 6:14 PM |
Describe the bug Neo applications rendering unsanitized user inputs (e.g. forms) are vulnerable to XSS attacks.
To Reproduce Steps to reproduce the behavior:
"><div style='color: red;'>PWNED</div><input value="Another example:
</textarea><div style='color: red;'>PWNED</div><textarea>Expected behavior User input should be escaped