We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
5.34.0
Others
Chromium 122.0.6261.94
https://codesandbox.io/p/sandbox/trusting-bose-xz3y3k
如果给 Ellipsis content prop 提供一个带有 html 标签的超长字符串,那么将会发生 xss 注入,而且会导致字符串长度计算错误。
发生注入的位置应该是
ant-design-mobile/src/components/ellipsis/ellipsis.tsx
Lines 119 to 124 in 1d0fc6f
和
Lines 156 to 161 in 1d0fc6f
如果确认是这里发生注入,我可以尝试将我的补丁提一个 PR 修复。
No response
The text was updated successfully, but these errors were encountered:
欢迎 PR
Sorry, something went wrong.
No branches or pull requests
Version of antd-mobile
5.34.0
Operating system and its version
Others
Browser and its version
Chromium 122.0.6261.94
Sandbox to reproduce
https://codesandbox.io/p/sandbox/trusting-bose-xz3y3k
What happened?
如果给 Ellipsis content prop 提供一个带有 html 标签的超长字符串,那么将会发生 xss 注入,而且会导致字符串长度计算错误。
发生注入的位置应该是
ant-design-mobile/src/components/ellipsis/ellipsis.tsx
Lines 119 to 124 in 1d0fc6f
和
ant-design-mobile/src/components/ellipsis/ellipsis.tsx
Lines 156 to 161 in 1d0fc6f
如果确认是这里发生注入,我可以尝试将我的补丁提一个 PR 修复。
Relevant log output
No response
The text was updated successfully, but these errors were encountered: