Hi Isomorphic,
Please try this sample (v12.0p_2019-08-18) and put canEdit:true. Then edit an item's name to Hello <b>bold</b> world.
You'll see this:
W.r.t. the showcase hardening you spoke about here, I think it might be a good idea for all the showcase .ds.xml files to have escapeHTML="true" in order not to have XSS issues in the very first application a new user sees.
I found this while preparing a test case where an existing escapeHTML="true" is not applied, when I wanted to recreate this issue in the showcase.
Best regards
Blama
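
One way to audit a set of .ds.xml files for the setting suggested in the post above. This is an added example, not code from the post or from Isomorphic. The sample DataSource is constructed, and the choice of which field types count as free text (type="text" or no type attribute) is an assumption to adjust for your own DataSources.

```python
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample in the style of a showcase .ds.xml (not copied from the SDK).
SAMPLE_DS = """\
<DataSource ID="sampleItem" serverType="sql" tableName="sampleItem">
    <fields>
        <field name="itemID"      type="sequence" hidden="true" primaryKey="true"/>
        <field name="itemName"    type="text"     title="Item" length="128"/>
        <field name="description" type="text"     title="Description" escapeHTML="true"/>
        <field name="notes"       title="Notes"/>
        <field name="unitCost"    type="float"    title="Unit Cost"/>
    </fields>
</DataSource>
"""

# Assumption: fields of these types hold user-editable free text.
# A field with no type attribute is treated as text as well.
TEXT_TYPES = {"text"}


def unescaped_text_fields(ds_xml):
    """Return (dataSourceID, fieldName) for text fields lacking escapeHTML="true"."""
    root = ET.fromstring(ds_xml)
    ds_id = root.get("ID", "?")
    findings = []
    for field in root.iter("field"):
        ftype = (field.get("type") or "text").lower()
        if ftype not in TEXT_TYPES:
            continue  # numeric, date, sequence etc. are out of scope here
        if (field.get("escapeHTML") or "").strip().lower() != "true":
            findings.append((ds_id, field.get("name")))
    return findings


if __name__ == "__main__":
    # With a directory argument, scan every *.ds.xml below it;
    # without one, run against the constructed sample.
    if len(sys.argv) > 1:
        docs = [p.read_text(encoding="utf-8") for p in Path(sys.argv[1]).rglob("*.ds.xml")]
    else:
        docs = [SAMPLE_DS]
    for doc in docs:
        for ds_id, name in unescaped_text_fields(doc):
            print(f'{ds_id}.{name}: text field without escapeHTML="true"')
```

A clean result only shows that the attribute is declared. The post above also reports a case where a declared escapeHTML="true" is not applied, so the rendered output still needs to be checked with a value such as the Hello <b>bold</b> world test string.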