Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IGNORED_TAGS Typo #249

Closed
banterglow opened this issue Apr 2, 2019 · 1 comment
Closed

IGNORED_TAGS Typo #249

banterglow opened this issue Apr 2, 2019 · 1 comment
Labels
bug:easyfix Easily fixed. bug Crush'em all.

Comments

@banterglow
Copy link

Is this a bug report or a feature request?

Bug report

Have you read the guidelines regarding bug report?

Yes

Have you read the documentation in its entirety?

Yes

Have you made sure that your issue hasn't already been reported/solved?

Yes

Is the bug specific to iOS or Android? Or can it be reproduced on both platforms?

No

Is the bug reproductible in a production environment (not a debug one)?

Yes

Have you been able to reproduce the bug in the provided example?

Yes

Environment

All environments

Steps to Reproduce

  1. Check the IGNORED_TAGS array in src/HTMLUtils.js
  2. There is a typo where the HTML tag dialog appears instead as diaglog.

Expected Behavior

Package should not render dialog tags by default.

Actual Behavior

Package does render dialog tags by default.

Reproducible Demo

N/A, typo clearly visible in source code
@banterglow banterglow changed the title Typo IGNORED_TAGS Typo Apr 2, 2019
@rufusraghunath
Copy link

There is another typo in IGNORED_TAGS where it says scripts instead of script. This means that actual script tags are currently allowed by default, which seems like a significant security issue!

@rufusraghunath rufusraghunath mentioned this issue Feb 13, 2020
Closed
@jsamr jsamr added bug Crush'em all. bug:easyfix Easily fixed. labels Jul 4, 2020
@jsamr jsamr closed this as completed in 4466e31 Jul 16, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug:easyfix Easily fixed. bug Crush'em all.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jsamr @rufusraghunath @banterglow