Ellipsis at risk of XSS
Yangholmes opened this issue
Yangholmes commented
Version of antd-mobile
5.34.0
Operating system and its version
Others
Browser and its version
Chromium 122.0.6261.94
Sandbox to reproduce
https://codesandbox.io/p/sandbox/trusting-bose-xz3y3k
What happened?
If an over-long string containing HTML tags is passed to the Ellipsis `content` prop, XSS injection occurs, and the string length is also computed incorrectly.
The injection should be happening at
ant-design-mobile/src/components/ellipsis/ellipsis.tsx
Lines 119 to 124 in 1d0fc6f
and
ant-design-mobile/src/components/ellipsis/ellipsis.tsx
Lines 156 to 161 in 1d0fc6f
If it is confirmed that the injection happens here, I can try to submit my patch as a PR to fix it.
Relevant log output
No response
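The following is an added example, not code from this issue or from the antd-mobile source. It illustrates the two symptoms the report describes (markup from `content` becoming live DOM, and the measured length disagreeing with the string length) under the assumption, implied by the report but not verified here, that the measuring step writes the raw `content` string into a hidden element through `innerHTML`. `MockElement`, `measure`, `compare` and `SAMPLE` are hypothetical names; `MockElement` is a minimal stand-in for the DOM so the file runs in Node, and in a browser it would simply be `document.createElement('div')`.

```javascript
// Added example (not antd-mobile code). Assumption: an ellipsis component
// measures how much text fits by writing the content into a hidden element.
// Writing via innerHTML parses the string as markup (XSS sink, tags vanish
// from the measured text); writing via textContent stores it verbatim.

// Minimal DOM stand-in so this runs in Node. In a browser use a real <div>.
class MockElement {
  constructor(tagName, attrs = {}) {
    this.tagName = tagName;
    this.attrs = attrs;
    this.children = []; // strings are text nodes, MockElements are element nodes
  }

  // innerHTML: the string is parsed as markup. Tags become element nodes
  // (keeping attributes such as onerror) and the tag text itself is dropped.
  set innerHTML(markup) {
    this.children = [];
    const tagRe = /<\/?([a-zA-Z][\w-]*)([^>]*)>/g;
    let last = 0;
    let m;
    while ((m = tagRe.exec(markup)) !== null) {
      if (m.index > last) this.children.push(markup.slice(last, m.index));
      if (!m[0].startsWith('</')) {
        this.children.push(new MockElement(m[1].toLowerCase(), parseAttrs(m[2])));
      }
      last = m.index + m[0].length;
    }
    if (last < markup.length) this.children.push(markup.slice(last));
  }

  // textContent: the string is stored as one literal text node, never parsed.
  set textContent(text) {
    this.children = [String(text)];
  }

  get textContent() {
    return this.children
      .map((c) => (typeof c === 'string' ? c : c.textContent))
      .join('');
  }

  get elements() {
    return this.children.filter((c) => c instanceof MockElement);
  }
}

// Parses the attribute list of one tag into a name -> value map.
function parseAttrs(src) {
  const attrs = {};
  const attrRe = /([^\s=\/]+)(?:=(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = attrRe.exec(src.replace(/\/\s*$/, ''))) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// Simulates the measuring step: write the content into a hidden element and
// report what the component would then be reasoning about.
function measure(content, { sink }) {
  const el = new MockElement('div');
  if (sink === 'innerHTML') el.innerHTML = content; // unsafe: parsed as markup
  else el.textContent = content; // safe: literal text
  const isHandler = (a) => a.startsWith('on');
  return {
    textLength: el.textContent.length, // what the truncation maths would see
    elementCount: el.elements.length, // markup that became live DOM nodes
    handlerAttrs: el.elements.flatMap((e) => Object.keys(e.attrs).filter(isHandler)),
  };
}

// Constructed sample input: a long string that happens to contain markup.
const SAMPLE =
  'Lorem ipsum '.repeat(20) +
  '<img src="x" onerror="alert(1)">' +
  ' dolor sit amet '.repeat(20);

// Runs both sinks over the same content so the difference is visible.
function compare(content = SAMPLE) {
  return {
    rawLength: content.length,
    unsafe: measure(content, { sink: 'innerHTML' }),
    safe: measure(content, { sink: 'textContent' }),
  };
}

console.log(JSON.stringify(compare(), null, 2));
```

With the `innerHTML` sink the `<img>` tag becomes an element node carrying an `onerror` handler, and the measured text is 32 characters shorter than the string the caller passed, so any index computed against that measurement points at the wrong place in the original string. With `textContent` the markup stays inert text and the measured length equals the string length, which is the behaviour the report asks for.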
afc163 commented
PRs welcome